Cybercrime is on the rise and cybercriminals are always on the hunt. Small to mid-sized businesses are most vulnerable as many lack effective security measures.
According to The National Cyber Security Alliance, one in five small businesses are victims of a cyberattack every year, and nearly 60 percent of those close their doors within six months of an attack because they cannot afford the costs involved in remediating a data breach or ransomware event.
Small businesses need to be vigilant and take steps to protect their data. Knowing how cybercriminals gain access to your system is an important step in keeping them out. Three of the most common methods used by cybercriminals are:
Phishing uses realistic e-mails that look like they come from a trusted source, such as your financial institution, in an attempt to trick recipients into sharing passwords and other sensitive information. Other forms of phishing include text messages and phone calls from tech support asking you to visit a website where they will help fix an issue on your computer.
A combination of the words “malicious” and “software,” malware is any piece of software or code created with the intent of damaging devices or stealing data. Malware is a broad term that includes all malicious software, including viruses, worms, spyware, ransomware and others.
Ransomware is a type of malware that is exactly what it sounds like — software that holds your computer system and sensitive information hostage until you pay a ransom for the decryption key.
Ransomware is typically introduced into a system by an employee who innocently opens an email attachment, document or website link that contains malware. Once a system is infected, it is impossible to open any documents or applications on it until the ransom is paid.
Now that you know how they get in, here are several critical security measures for keeping cybercriminals out.
Keep your systems up to date. New vulnerabilities are frequently found in common software programs such as Microsoft Office; therefore, it’s critical you patch and update your systems frequently. Set your browser and computer to auto-update when a new patch comes out.
Require strong passwords. Passwords should be at least 10 characters (the longer, the better) and contain lowercase and uppercase letters, symbols and at least one number. Use a different password for every log-in. Use a password manager. This is one of the most important security measures you can take. A password manager will generate complex passwords for every site you visit and keep track of them for you.
Turn on multi-factor/2-factor authentication. At a minimum, turn this on for your email account. Once a cybercriminal has access to your email account, they can use your email to request a password reset on all your accounts including your bank accounts.
Install malware protection on all of your computers. Traditional antivirus software is no longer enough. Make sure the solution you implement protects you against ransomware, email threats and dangerous websites.
Have an excellent backup. A good backup protects you not only against ransomware demands but also against a host of data-erasing disasters such as employees overwriting files, natural disasters, fire, water damage and hardware failures. Your backups should be automated and monitored.
Get security best practices training. The No. 1 vulnerability for any business system is the people who use it. Since almost all cyber security breaches are caused by human error (someone clicking on a link in an email, accidentally downloading a virus or falling for a phishing scam), we strongly recommend cybersecurity awareness training for everyone on your team.
Jeff Chandler is CEO of Z-JAK Technologies providing IT and cybersecurity services for business owners. He recently authored the book, “Hacked! What You Must Know Now to Protect Your Business Financials, Customer Data, and Reputation from Cybercriminals.”