Hackers, data breaches, malware…these are the things that business owners and IT managers have nightmares about. Too many people presume it’s something that only happens to other people and never take the necessary precautions until it’s too late.
You might think that your business isn’t worth anything to hackers. The reality is that 43% of data breaches involve small businesses, partially due to the fact that they don’t have the same security measures in place as a larger enterprise. Thinking that you’re immune can wind up being an extremely inconvenient and costly mistake, one that could be potentially catastrophic for your business.
It doesn’t take expensive software or a team of security professionals to protect your business from malware and data breaches. Here are 7 safety measures your business can implement to prevent cyber threats and the damage they can cause.
1. Install Anti-Virus Software
Installing anti-virus software should be one of the first things you do when setting up a device. If you’re currently using a computer without anti-virus software installed… why are you still reading this? Go do it now!
Anti-virus software does an excellent job of identifying and isolating threats when they’ve reached your computer. It is also increasingly effective at identifying and blocking threats even before they’re downloaded.
Depending on the specific anti-virus program, it may also be able to protect your computer while browsing the internet or screening incoming e-mails for suspicious content.
2. Use Secure Passwords and a Password Management System
Insecure passwords are one of the easiest ways to hack into an online account. A secure password can go a long way in stopping this, but the majority of people still use weak passwords.
While they may be easier to remember, a password that is 6 characters long and only lower case letters can be cracked in only 10 minutes by a computer.
The longer and more complicated the password, the more secure it will be. It should include a mix of lower case and upper case letters, numbers and special characters. Always avoid any information that could be easily guessed such as names, birthdates or phone numbers.
In an ideal world, we would all use a unique password for every single account. If we actually did that, that would be a lot of passwords to remember!
In fact, the average number of accounts a single password is used for is five. It may not seem like a lot, but if someone gains access to one account, that’s four others they could also potentially access.
To balance the challenges of having secure and unique passwords while keeping track of all of them, you should consider implementing a secure password management system.
No, we’re not talking about a shared spreadsheet, sticky notes or saving them in your browser. Password management systems help you securely store passwords, manage who has access to them and auto-fill the information for you to save time and hassle.
3. Beware of Suspicious E-Mails and Links
While e-mail has been a standard form of business communication for years, it is also a common way of sending malware and phishing scams. According to Varonis, 94% of malware is delivered via e-mail.
This means it’s incredibly important to be careful when receiving e-mails, especially from unfamiliar sources. Never click on a link from an unknown sender; even if the link looks safe, you could be directed to a site containing malware. The same goes for attachments, since they could contain a virus.
E-mails can also be spoofed so that they look like they’re coming from someone you know when they’re actually from a fraudster. A spoofed e-mail may use the same design as a legitimate e-mail from the company or have a very similar e-mail address.
When in doubt, never use the links or contact information in a suspicious e-mail. Always go to the sender’s website directly or use contact information from previous communications to confirm whether or not they actually sent it.
Unfortunately, we could do a whole blog post about the many ways e-mail scams and attacks can occur. When in doubt, always err on the side of caution, trust your gut and make sure your anti-virus software is installed and up-to-date.
4. Only Connect to Secure Wi-Fi Networks
Unfortunately, not even wi-fi networks are safe in today’s world. Your office wi-fi network should absolutely have a secure password (see #2 for tips on password security). You should also work with your internet provider or IT support to implement a firewall for additional protection beyond what’s installed at the device level.
If you need to provide internet access to guests or visitors, it’s best to create a separate network from the one used by staff. This should also be password-protected and you can simply share this password with those who need it.
You may also want to implement a policy where staff who are using company devices or accessing company data off-site may only do so on a secure network. This may stop them from working in places like coffee shops or libraries, but this inconvenience can go a long way in terms of security.
5. Back Up Everything On a Regular Basis
Whether it’s from a security breach or hardware malfunction, there are few things more frustrating and potentially devastating than losing access to files and data.
Backing up your devices, as well as websites and any cloud-based software tools, on a regular basis will help protect your business’ data and operations should problems occur. At the very least, backups can help to minimize losses and disruption.
How frequently you do this will depend on your specific circumstances but it should be no less than once per week. Some of the most common backup options are using an external computer hard drive or cloud storage options.
Backups on physical devices should always be stored in a separate physical location from the device in use to ensure the best protection.
6. Provide Training and Education For Your Staff
95% of cybersecurity breaches are due to human error, making your staff a pivotal line of defence for your business. All new staff should be trained on your security protocols and general best practices. You should also provide refreshers and updated information for all staff on a regular basis.
Don’t presume your employees already have this knowledge or are using what they know. After all, 57% of people who have been the victim of a phishing attack haven’t bothered to change their passwords!
Beyond formal training, creating a culture of security is also an important form of protection. Make sure staff know to always err on the side of caution and to never hesitate to ask when they’re unsure about a suspicious-looking e-mail or website. With security, there are no stupid questions.
The right tools and knowledge can go a long way in protecting your business from cyber threats. Contact Cayuga Mutual today to get started with a business insurance plan to make sure your business is protected at every level.