The pandemic has forced many people to conduct business from home. Unfortunately, this shift to remote work has also opened up opportunities for hackers.
Cyberattacks have grown more than 400% since the pandemic started, and many of these hacks target small businesses. Small businesses are often targeted because many don’t have a fully-fledged IT department to protect themselves.
As we have seen with the recent gas shortages, today’s cybercriminals are increasingly sophisticated and pose more significant threats to the economy than ever before. New safeguards are needed to protect consumers and businesses.
Cybersecurity is not only about adding layers of security technology. It starts with an understanding about managing cybersecurity risks. The Better Business Bureau has developed the Five-Step Approach to Better Business Cybersecurity to help businesses and consumers do just that.
Step 1: Identify. Take inventory of key technologies you use and know what information you need to rebuild your infrastructure from scratch. Inventory the key data you use and store and keep track of likely threats.
Step 2: Protect. Assess what protective measures you need to have in place to be as prepared as possible for a cyber incident. Put protective policies in place for technologies, data and users, and ensure that your contracts with cloud and other technology service providers include the same protections.
Step 3: Detect. Put measures in place to alert you of current or imminent threats to system integrity, or loss or compromise of data. Train your users to identify and speedily report incidents.
Step 4: Respond. Make and practice an Incidence Response Plan to contain an attack or incident and maintain business operations in the short term.
Step 5: Recover. Know what to do to return to normal business operations after an incident. Protect sensitive data and your business reputation over the long term.
Approach your home or office with these five cybersecurity practices in mind:
1. Understand your current cybersecurity status. You might be under the impression that you have relatively good cybersecurity, but how can you be sure? It’s crucial to audit your cybersecurity status on an annual basis.
2. Train your system users. With the world shifting toward remote work, it’s essential to acknowledge how much time you work on personal devices or in external locations. Educated system users are your first line of defense in protecting your information.
Hackers understand that untrained users are often the easiest way to get into a system.
Popular types of cybersecurity scams against employees include:
• Impersonating an employee within the organization – usually by finding out their name on social platforms or the company website.
• Baiting with information that seems internal, that the hacker has actually found online
• Hiding malware downloads in email unsubscribe buttons
• Phishing emails
• Using keyboard capturing techniques to gather passwords
• Internal threats from current or former employees
Approach training your users on cybersecurity in a smart way. If you simply send your team an article describing the importance of cybersecurity, you may not get their full attention. Don’t just force tutorials or conduct training sessions onto others without explanation.
Instead, make them understand the potential impact of these attacks and how vital their scrutiny is. Giving your team background on the dangers present will help them understand why they should care about cybersecurity.
3. Back up important information. It can be devastating to a business to lose critical financial records, customer data, planning documentation or proprietary information. Some cyberattacks not only steal data, but also wipe and shut down systems. This is a situation from which it is almost impossible to recover.
To avoid this, you must back up all information frequently. If possible, use a system that automatically backs up data into a cloud. If this option isn’t doable, ensure you go through a data backup at least twice a week.
4. Update systems. No one dreams of performing system updates. However, you must understand why system upgrades are essential and should be done immediately.
Operating systems have built-in functions to help reduce the threat of a cyberattack. However, as the world of cyber threats is continuously changing, operating system manufacturers release upgrades to keep up with the changing landscape. These upgrades are for the protection of your system and any time you delay an upgrade, you increase your risk.
5. Password authentication. Two-factor authentication requires that users verify their identity with a secondary device in a short time frame. The process essentially works as an additional barrier to entry. Someone finding out your password may be likely; someone finding out your password while also having your mobile phone is much less likely.
If you think that your smart, capable team doesn’t need two-factor authentication, think again. People hate forgetting their passwords and want easy access to their accounts. Unfortunately, this typically manifests itself in the types of passwords they choose. The two most common passwords in 2020 were 123456 and 123456789. Not so secure at all!
Two-step authentication can help your employees keep their accounts secure.
The risks that come with poor cybersecurity are too high. By implementing these five cybersecurity practices, you help to protect your home and business. You can choose to ignore your cybersecurity, but that doesn’t mean that hackers will ignore you. Be proactive and make sure that you are taking your cybersecurity seriously.
Read more at BBB.org/Cybersecurity.
Kelvin Collins is president and CEO of the Better Business Bureau serving the Fall Line Corridor, which includes the Augusta-Aiken metro area. Direct questions or complaints about a specific company or charity to (800) 763-4222 or [email protected]