Small business owners are constantly reminded of the daunting challenge of protecting their data – including data of their employees, customers, and partners – from online hackers and scammers. The challenge is real and complex, but by focusing on these "core four" recommendations you can dramatically improve your cyber security!
Video: How to Prevent Cyber Attacks with The Core Four
According to our partners at the Cyber Readiness Institute, every small business owner should ensure their company is focused on the four most common cyber issues, which are the biggest causes of breaches and related attacks.
Here are the top 4 ways your business can prevent cyber attacks!
- Using secure passwords
- Automating security patches
- Stopping phishing in its tracks
- Ditching the use of USB drives
1. Use Secure Passwords and MFA to Keep Out the Hackers
There are many ways hackers will attempt to crack passwords, and one of the most common ways is using password lists obtained from breached servers.
One method is the Dictionary Crack, where software is used to check a password list against different combinations of common words/passwords and patterns. If the hackers can obtain personal information about the users, then this speeds up the process enormously. A recent study found that 1 in 50 people use their favorite sports team and the current calendar year as their password.
Creating a culture of strong, resilient passwords is a simple and effective way to improve your cyber readiness.
Also, don’t forget about multi-factor authentication. This crucial piece of the security puzzle adds a second step to the login process, and prevents hackers from accessing your account, even if they were to obtain your password.
Secure Password Tip: The best password is a passphrase with 64 characters. Passphrases can be easier for people to remember, and they only need to be changed if/when they are breached. Also, people can save the passphrase in their keychain, so they don't need to type it in every time. Remember, weak passwords are a hacker's dream!
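A sign-up or password-change check can screen out the word-plus-year pattern described above. This is an added example, not code from this article or from the Cyber Readiness Institute; the word lists, `MIN_LENGTH` and the `screen_password` function are assumptions made up for illustration.

```python
import re

# Constructed sample data for this example (not taken from the article).
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "eagles", "yankees"}
BREACHED = {"letmein123", "qwerty2020"}   # stand-in for a real breach corpus
MIN_LENGTH = 15                            # assumed policy minimum
YEAR = re.compile(r"(?:19|20)\d{2}")
LEET = str.maketrans("0134578@$", "oieastbas")  # undo common character swaps


def screen_password(password, personal=()):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if lowered in BREACHED:
        reasons.append("appears in breached-password list")

    # Reduce the password to its base words: drop the year, drop trailing
    # digits/symbols, then reverse character swaps such as @ -> a and 0 -> o.
    has_year = bool(YEAR.search(lowered))
    core = re.sub(r"[^a-z]+$", "", YEAR.sub(" ", lowered)).translate(LEET)
    words = re.findall(r"[a-z]+", core)

    # Personal tokens (pet, team, company name) are as guessable as a dictionary.
    known = COMMON_WORDS | {p.lower() for p in personal}
    if words and len(words) <= 2 and all(w in known for w in words):
        reasons.append("dictionary word plus year" if has_year
                       else "dictionary or personal word")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw, info in [("Eagles2024", ()),
                     ("P@ssw0rd2024!P@ssw0rd", ()),
                     ("Rover1998Rover!!", ("Rover",)),
                     ("violet kettle orbits nine quiet lanterns", ())]:
        print(f"{pw!r}: {screen_password(pw, info) or 'accepted'}")
```

Note that the second sample passes the length check but is still rejected, because length alone does not help when the password is one known word repeated around a year.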
2. Automate Security Patches and Updates to Reduce Cyber Attacks
A patch fixes a known vulnerability in a system, application or piece of software. Patches are released by the system operator but are the responsibility of the user to implement.
One of the biggest challenges organizations face is integrating patching into their processes. Software updates can take time, which makes it harder for you and your employees to make it a priority over your day-to-day work tasks.
Automation (turning on auto-update) is a great way to stay aware of new patches and schedule their installation at a convenient time. Rebooting your computer is another way to ensure patches get installed.
Of course, this method requires the business to rely on individual users to maintain their computers, which can lead to holes or vulnerabilities in the network.
Automated Security Patch Tip: The simplest way to get around the pain that is updating is to work with an IT consultant. They can audit your entire network and automate tasks like these that take away from the work your business needs to be doing.
3. Reduce Phishing Attacks with End User Training
Phishing emails may adopt the disguise of a person or company you know and try to fool you into taking an action, such as clicking a link or confirming sensitive information.
For example, a phishing email could take on the guise of your HR officer asking you to confirm your bank account information and warning that your paycheck will be withheld unless you immediately confirm your identity.
While there are many good mail filtering software options available, you must know that no piece of software will stop every single attempt. The only true way to stop these threats is to train your employees. A malicious link can’t do anything if it’s never clicked!
Stop the Phishers Tip: Organizations should work with an IT company or IT consultant who specializes in cyber security services and training to educate their employees on what to look for in an email to determine if it is a phishing attempt. If an employee has any concerns, he/she should contact the company’s IT expert. Companies should run basic phishing training on a regular basis; it's not just one and done.
4. Move to the Cloud and Keep the USBs Away!
Like most cyber attacks, a USB attack is opportunistic. Hackers will infect USB drives with malicious software, such as viruses, spyware, rootkits and more. All of these can do irrevocable damage to your network as soon as they are installed.
Just like most phishing emails, USB attacks rely on human behavior for success. In most cases, the providers of USBs do not know if the USB is infected. Many people will plug an unknown USB into their computer.
With most applications offering some sort of “cloud subscription” these days, there’s a good chance that you simply don’t need USB drives anymore. In fact, you could probably save money on things like Microsoft Office by moving away from on-premise apps.
Keep the USBs Away Tip: Adopt cloud IT services that are access protected so you don’t need to use a USB.
These tips can be easy to implement for a very small group, but they quickly become overwhelming to manage across the average small to mid-sized business, the kind of business most at risk for cyber attacks. If you’re ready to take action on these items, and need some help implementing the process, reach out to a qualified Managed IT Services Provider.
Thanks again to our friends at the Cyber Readiness Institute for contributing to this piece. You can find more details about launching cyber security programs for small businesses on the Cyber Readiness Institute website.
Want to see how cyber-ready your business actually is? Take the quiz!
About the Cyber Readiness Institute
The Cyber Readiness Institute is a non-profit initiative that convenes senior business leaders from across sectors and geographic regions to share resources and knowledge that inform the development of free cyber security tools for small and medium-sized enterprises. The Institute seeks to advance the cyber readiness of small and medium-sized enterprises to improve the security of global value chains. The free, self-guided Cyber Readiness Program for small and medium-sized enterprises was launched in December 2018 and is available in English, Spanish and Portuguese. Additional translations will soon be available in Chinese, Arabic, Japanese and French.