Of all the challenges facing businesses today, cybersecurity is among the greatest. The internet has become integrated with our daily lives. However, in many respects, it still resembles a digital Wild West.
Here are a few statistics that may surprise you. According to a 2019 survey carried out by Dell, 63% of businesses had suffered a breach in the past year. And yet, according to another study, 66% of SME executives believed it was unlikely that hackers would target them.
Meanwhile, these bad actors carry out 43% of their attacks on small businesses. Victims of breaches suffer average losses of over $200,000. Of them, more than 60% go out of business within six months.
Cybersecurity is no joke. If you want to become a leader in your space, you need to take this facet of your business seriously. In today’s article, we’ll share security basics that will protect your business from all those e-thugs lurking out there on the web.
Hire An External IT Firm To Set Up Your Cybersecurity Defences
Generally speaking, your best defence against hackers is education. However, you should also set up your systems to make life as difficult as possible for them. Doing so can include setting up a firewall, patching software, and hiding version information. To do all of this, though, you’ll probably need an IT security expert on your staff.
Therein lies the problem – cybersecurity experts don’t come cheap. In 2020, the average computer security specialist commanded a salary of over $70,000, profit sharing and bonuses included. Most SMEs aren’t big enough to warrant having a permanent position for this role.
As such, it may make sense to bring in an IT consulting firm to tackle this issue. These companies offer one-stop shopping for many IT tasks – cybersecurity included. Any firm you choose should provide cybersecurity as part of a managed IT services plan. If they don’t, keep looking.
Proper Password Hygiene: Learn It, Embrace It, Enforce It
Many movies depict hackers as evil geniuses. In them, they use fancy, next-level techniques to break into systems. In real life, black hats usually begin by trying simplistic, brute-force attacks. In other words, they use scripts that bombard login pages with standard user/pass combos.
And it works – a frighteningly high percentage of the time. How do these random guesses work so well? Employees, wanting to save time, often use common passwords like “password”, “123456” (this one makes up 4% of ALL passwords), or “admin”.
Usernames are equally predictable or can be acquired via phishing/social engineering (more on that later). By using a dictionary/common passwords script, all a hacker has to do is sit back and wait.
These simple attacks have a simple solution: good password hygiene. Passwords should be long – at least 14 characters. They should have a mix of upper/lowercase letters, numbers, and symbols. And lastly, the password you use for corporate accounts shouldn’t be the same as your Gmail password.
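To show how an IT team could enforce these rules at sign-up or password change, here is a short Python check. It is an added example, not code from the original article; the function names and sample passwords are constructed for illustration, and the three-entry common-password set stands in for the much larger breached-password list a real system would load.

```python
import string

# Common passwords named in the article. Assumption: a real deployment would
# load a much larger list of breached passwords instead of this short set.
COMMON_PASSWORDS = {"password", "123456", "admin"}
MIN_LENGTH = 14  # minimum length recommended in the article


def contains_common_password(password):
    """True if a common password appears anywhere in the candidate, ignoring case."""
    lowered = password.lower()
    return any(common in lowered for common in COMMON_PASSWORDS)


def check_password(password):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    required = {
        "an uppercase letter": str.isupper,
        "a lowercase letter": str.islower,
        "a number": str.isdigit,
        "a symbol": lambda c: c in string.punctuation,
    }
    for label, matches in required.items():
        if not any(matches(c) for c in password):
            problems.append(f"missing {label}")
    # Length and character mix alone are not enough: "Password123456!" passes
    # both, yet it is just two common passwords glued together.
    if contains_common_password(password):
        problems.append("contains a common password")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ["123456", "Password123456!", "Vr7#mQ-tz9!LkwP2"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

The substring match is deliberately strict, so it will also flag harmless words that happen to contain an entry such as “admin”.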
Implement Two-Factor Authentication
Hackers are getting more sophisticated, and as such, having a strong user/pass combo may no longer be enough. To strengthen login security further, we strongly recommend implementing a two-factor authentication (2FA) regime.
2FA requires users to input a code sent by the server or answer security questions. Examples include a code sent to a mobile phone via SMS, a code generated by a physical token, and even inputting biometric data (e.g., your fingerprint).
These authenticators are much harder for hackers to acquire/intercept. Consequently, introducing 2FA to your system can significantly strengthen its security.
Train Your Staff To Recognize Phishing, Social Engineering Attacks
However, even a 2FA system can be defeated. Faced with this new obstacle, hackers have developed new lines of attack. To get their hands on password and 2FA data, they have begun posing as authorities and even loved ones.
By now, most of us have received e-mail messages claiming that we must reset our online banking password. It comes with a link leading to a legit-looking fake website. Once we enter our login details, the hacker has us.
Hackers often use social engineering attacks to acquire answers to 2FA security questions. They can pretend to be our co-workers, our boss, or even one of our family members. By asking an innocent question (like the name of your niece), they get the info needed to get past 2FA security.
We suggest bringing in a cybersecurity expert to do a brown bag talk on phishing/social engineering. Over lunch, they’ll give you and your employees the tools needed to spot one of these hacking attempts.
Use A VPN – Especially When You’re Out Of The Office
We live in an internationalized world. As a result, you’ve probably done more than your share of international business travel by now. It’s at these times that the security of your business is most at stake.
If you use public Wi-Fi to work from your smartphone/laptop, a hacker sitting a few tables away could intercept your data. Avoid this scenario by using a VPN. When activated, it encrypts your web traffic, rendering the details indecipherable to anyone intercepting your signal.
Don’t Become A Statistic – Be Prepared
Even in 2020, cybercrime still rages out of control. It is your responsibility to ensure the safety and security of your enterprise’s data. By following the tips in this article, you’ll significantly decrease your odds of becoming a victim.