5 (easy) cybersecurity tips for businesses
Quick, free and inexpensive steps will help keep cybercriminals away
Scan today’s headlines and it’s easy to be concerned about the digital age: an Equifax hack exposing up to 143 million credit records; mobile malware (malicious software) that targets early versions of Android 8.0-powered smartphones; and new “phishing” scams that dupe your employees into revealing sensitive information.
Makes you want to unplug and go back to basics, no?
Considering how much of your small or medium-sized business (SMB) relies on network technology, that’s likely not an option — but so long as you take precautions to safeguard your information, you can dramatically reduce the odds of an attack, says Lysa Myers, a security researcher for ESET, a leading cybersecurity company.
“There’s a misconception that protecting yourself from today’s threats is time consuming or difficult,” Myers says. “But there are a few simple steps you can take that require only a few minutes of your time, and once you set those up, those security measures will fade into the background and you’ll forget they’re there.”
Of course, you can also outsource your SMB’s IT and related cybersecurity needs, but the following is a look at how to easily up your game — with most of these tips applicable to your personal life, too.
1. Have good antimalware
Just as you wouldn’t leave the front door to your home unlocked, you shouldn’t let your company’s network and devices be vulnerable to attacks, whether the cause is a virus (or other malware) that sneaks onto your device or “social engineering” (including ransomware and phishing scams) that deceives you into divulging confidential information. Reputable antimalware on all your devices — laptops, desktops, tablets and smartphones — can identify, quarantine, delete and report any suspicious activity. Myers says the best ones offer a suite of services, including a firewall and encryption options.
On a related note, be sure to have good mobile device management (MDM) software installed on all your employees’ devices, to help remotely secure email, monitor activity, manage software and services, and more.
2. Update your software
If we’ve learned anything from this past spring’s WannaCry ransomware — a global attack that infected some 230,000 Windows machines running an out-of-date operating system — it’s to set software to automatically update so we don’t have to remember to do so.
“Set up automatic updates wherever you can,” Myers suggests, “which includes your operating system, browser, plug-ins, and other software. This is really easy to do and once you do it for the first time, you’re set.” For software that doesn’t allow for automatic updates, check for updates regularly.
3. Use strong passwords, two-factor authentication
Never use the same password for all your online activity. Why? If a service is hacked and your password is exposed, cybercriminals may try it on another account.
Not only should you use different passwords for all accounts — and password manager apps are a handy way to remember them all, suggests Myers — but try to use a passphrase instead of a password: that is, a sequence of words and other characters, including numbers and symbols.
What’s more, make it harder for the bad guys to access your data by adding a second layer of defence.
In two-factor authentication (sometimes referred to as “two-step verification”), you not only need a password or passcode (or a biometric logon, such as a fingerprint or facial scan) to confirm only you can access your accounts, but you also receive a one-time code on your mobile phone to type in.
4. Back up your info
It doesn’t really matter how you want to do it — a free cloud service, external hard drive, USB thumb drive, or what have you — so long as you’re proactive about backing up your important files regularly, you’ll minimize the damage if you’re hit with a direct or indirect attack.
Benefits to cloud backup include: off-site protection (in case anything happens locally, such as a fire or flood); you can access your data anywhere in the world and on virtually any device; you can easily share large files with clients; and employees can collaborate in real-time on documents. Local storage options, on the other hand, are less expensive overall (especially if you have lots of data), you don’t need the internet to access your information, and you’re not entrusting another company with your data. Pro tip: hedge your bets by having both offline and online backup.
5. Practise good cybersecurity
Every company should have a comprehensive cybersecurity policy each employee must read, sign and regularly review. Because “social engineering” is becoming a huge problem in the workplace — cybercriminals who trick people into breaking normal security procedures — occasional training is incredibly important.
In fact, ESET has a cybersecurity awareness training module for small businesses. Employees get free online (or downloadable) training that can be completed in less than two hours, giving employees everything they need to know to protect their companies’ networks. The program can be customized, too, if desired, and you can document employees’ progress with certifications and badges for successful completion.
Other cybersecurity measures? Set up biometric security on your smartphone and a “find my phone” app to locate it if it gets lost or stolen; be cautious when using your laptop in free public Wi-Fi hot spots (use your smartphone as a personal hot spot instead); and be sure to exercise common sense when reading emails and text messages (no respectable company, like your bank, will ever ask you to urgently confirm your identity by filling out forms), and never click on suspicious attachments or links.
“Many of these steps are cheap or free,” Myers says, “and they’re very simple things you can do to protect yourself.”