In light of some of the recent high-profile attacks; We wanted to share some basic cybersecurity tips for businesses of all sizes and provide a simple checklist so that you can audit your company’s cybersecurity strategy.
This is all standard practice for seasoned security experts, but as we have seen, even the biggest companies in the world can overlook the basics and get caught out.
Sharing Passwords – What’s your strategy?
Pinning Passwords to Slack is not a good idea (See – Twitter). Sending it in an email or even in a private message is no better. Nothing beats old-fashioned verbalization or writing with a pen and paper (that is destroyed afterward). In today’s world, we can also use a password manager.
As hard as we try, most passwords are pretty easy to crack, which is why Password Managers are great for automating different complex passwords on each site you use.
Password Managers aren’t perfect, but using one is a lot more secure than “Password1” or your mother’s Maiden name.
Here is a good list of password managers to research.
2 Factor Authentication
There are some downsides to 2 Factor Authentication, as some high-profile hacks have been caused by 2FA manipulation. However, industry experts tend to agree it is better than simply using your password.
Having a 2nd layer of protection should stop most basic social engineering hacks. In fact, Microsoft believes it could contribute to stopping 99.99% of hacking attempts on their accounts.
Regularly Auditing Employee Access
Disgruntled former employees with access to your data are not a good combination. With so many various access points, proper security audits must be done when someone leaves your organization. Think of social media platforms and other third-party software services with shared logins and ensure access is revoked.
Locking Idle Computer Screens
Your bathroom break could become a security crisis unless you take precautions and lock your screen. Mobile phones tend to have this built-in, but the behavior doesn’t always translate to laptops or desktops.
Building a culture of security should start with locking your screen, and if you want to be extra safe, there are numerous ways you can automatically lock your screen when you go inactive. Here is how to do it for Windows.
Phishing is obtaining data via fraudulent means, often by disguising oneself as a trustworthy partner. This type of attack is common in email, through duplicated sites, or instant messaging.
Educating your staff on Phishing is important as human error is the number one cause of serious attacks.
Phishing.org is a good resource for information on Phishing.
Up to date Firewall
Firewalls keep a lot of the bad stuff out and are a worthy investment for all business types. However, an outdated firewall is not of much use. Threats evolve constantly, and it’s important to keep your firewalls up to date with the latest version.
Update your Software too
On the topic of keeping things up to date, it’s important that you continually ensure your software stack & operating systems are up to date with the latest versions. Companies continually release patches and bug fixes and publish the vulnerabilities that are resolved. This is great unless you are using an old version of the software, then it serves as a road map for an attack.
Create An Incident Response plan
The size of your organization will determine what kind of incident response plan is necessary, but every business should consider the worst and plan for it. By preparing contingencies, you can mitigate the damage caused by an attack. Here is a good guide for SMEs.
Continuous Security & Vulnerability Assessments
By continually testing your website and /or web app (s), you will know your vulnerabilities before any hackers do.
While it sounds intimidating, it doesn’t have to be difficult. We’ve built our software to be extremely user-friendly, and you can set up a scan of your site within 2 minutes.
You can start your journey towards Continuous Security today. We offer a 14 Day Free Trial to test all your web applications.
To make sure that your data is secure:
- Your network firewall is up to date with the latest patches and updates
- There are no backdoors into your systems
- Passwords are strong and change regularly
- Backups are kept up to date
- The staff know what to do if their computer gets infected
- Data is encrypted where necessary
- You only allow trusted devices onto your network
- You follow best practices when using cloud storage services
- You use two-factor authentication wherever
Cybersecurity tips for small business
1. Have a plan: Before starting any new project, make sure you’ll know what you are going to do, how it will be done, who will do it, when it needs to be completed, and why it is important. This way, if something goes wrong, you won’t waste time trying to figure things out.
2. Keep up with updates: Make sure your computer has the latest patches installed. If you don’t know how to install them, ask someone who does. You should also keep your operating system updated regularly, and use antivirus programs to scan files on your computer before opening them.
3. Be careful about clicking links: Don’t click on unknown links in emails or web pages. Instead, type the URL into your browser’s address bar. Also, avoid downloading attachments unless they come from people you trust.
4. Use strong passwords: Passwords shouldn’t be easy to guess. They should contain at least eight characters, include upper- and lowercase letters, and should not be based on personal information like names, birthdays, addresses, etc.
5. Back up data: Backing up data is an essential part of keeping your business secure. There are many ways to back up data, including using cloud storage services, external hard drives, CDs/DVDs, tapes, or USB flash drives.
6. Encrypt sensitive data: When sending sensitive data over the Internet, encrypt it first. This prevents anyone else from reading it while in transit. The most common encryption method used today is called SSL.
Frequently Asked Questions:
Why is Cybersecurity Important For Business?
Businesses need to protect themselves against cyberattacks because hackers can steal confidential information, disrupt operations, cause financial losses, and damage reputations.
What Can Happen If You Don’t Protect Your Data from Cyberattacks?
Hackers can access your business’s network by breaking through firewalls, gaining unauthorized access to computers, stealing login credentials, or exploiting known vulnerabilities. Once inside, they can view documents, delete files, change settings, and shut down servers.
How Do I Know If My Company is at Risk of Cyber Attack?
The best way to tell if your company is vulnerable to a cyberattack is to perform a risk assessment. Risk assessments help identify potential weaknesses in your organization’s IT infrastructure, which could lead to a breach.
Which is the Best Way to Test Vulnerabilities for Medium or Small Companies?
Testing for cyberattacks using a tool could be a great chance to detect possible vulnerabilities. An online vulnerability scanner can help you test your website or web app for potential issues if you are not an expert.
The benefits of using an automated scanner tool to check vulnerabilities are:
• It provides results much faster than manual testing.
• It helps identify problems before they become serious.
• It allows you to focus on fixing the problem instead of spending hours troubleshooting.
• It makes it easier to spot emerging trends.
• It gives you peace of mind knowing that your site is protected against known risks.
If you want to learn more about cybersecurity, visit our Cyber Security blog here.