What is the best advice you can give to entrepreneurs and their employees to ensure cybersecurity?
As hackers continue to breach the online security of SMEs, how can small business owners remain protected in these times? As remote working continues to gain popularity, how can remote workers remain protected in these times?
Hello Mustaali, the flow of the massive information through a multitude of devices is safeguarded by encryption, malaware detection systems, and firewalls that are designed to block unwanted intrusions. Highly confidential information is supposedly protected by the most sophisticated software and AI systems. Yet, as in the case of the NSA breech, nothing seems to be entirely foolproof to dedicated hackers. Hacking is a very lucrative business, which, in many instances, is supported at the very highest government levels. Billions of dollars are at stake, which draws unscrupulous individuals with advanced knowledge of software and algorithms.
The repercussions are many, and include costly computer downtime, loss of data, damage to a company's reputation and trust, and repair expenses. Ransomware viruses can lock up your entire IT network until a ransom is paid. However, a recent study points to simple security practices that can be put into place to safeguard against hacking, which are often neglected.
1. Before clicking on any links verify that the address makes sense, or that it corresponds to recognizable websites. Hackers are very good at camouflaging the URL to make it seem legitimate. Don't be captivated by enticing messages that offer unsubstantiated benefits.
2. Use passwords that cannot easily be associated with the name of your company or owners and are difficult to decipher. A mix of capital and lower case letters, numbers, symbols are a good choice.
3. You should have a different password for every website and platform.
4. Many websites now use a double verification for logins, where the password is combined with a delivered code in a text message.
5. The providers of software correct new security problems. When your computer prompt you to upgrade opt to do it ASAP.
6. Emphasizing the importance of proper security measures to all employees makes everyone aware of the possible consequences. One employee's careless bahavior can cause major difficulties for others.
7. Experts recommend A three-month change cycle of all passwords. It is particularly important for companies with whom you maintain highly confidential contacts such as banks and other financial institutions.
Nice to meet you Mustaali. I have a few pieces of advice for you that I hope will help you and your team ensure device/data/infrastructure security.
- Educate your employees. Your employees may not be as cybersecurity ready as you are. Employees can be your biggest asset or your biggest risk. Be sure to spend the time to host informative training sessions (interactive ones) and keep cybersecurity trends and tech advancements fresh in everyone’s mind. An informed employee can identify a social engineering email seeking out sensitive data while an uninformed employee may accidentally fall for the email.
- Communicate! Communication is vital to the health of your data (and your business as a whole). What data security regulations does your company comply with? If your company must abide by HIPAA then outline requirements clearly in company policies and training session. You could even be creative and further, connect with your team by sending out a cybersecurity tip or gif weekly through IM.
- Create smart passwords, require complex passwords that are not allowed to be shared with others. Passwords should be changed regularly and unique to the device/platform/app.
- Beware of unknown emails, links or attachments. Look out for typos or mishaps in these emails; this is a common ‘tell’ of a malicious email. Look into multi-factor authentication, the more ways to ensure your data is secure the better.
- Take care of any patches or upgrades as they are available. This is great to add to training sessions. Prioritize the onboarding and offboarding policies. Create them to further your cybersecurity efforts. For example, when an employee leaves the company be sure to remove their credentials, authentication and any badge or key that allows them entry into your company.
43% of cyber-attacks target the small businesses! This is because cyber-criminals are aware that small businesses have cheap and out dated security systems with less knowledgeable staff.