Closing the most common cybersecurity holes
Are you sitting down? We’re going to begin with an alarming stat.
Half of all small-to-medium-sized businesses have encountered at least one cyber attack. Wait. It gets worse. In cases involving theft of data, SMBs spent an average of over $955,000 to recover from the attack. Even for businesses that do post profits in the millions, nobody wants to drop that kind of money on a cyber attack.
There’s a host of things you can do to protect your business from cyber criminals, but one of the most important security measures is easy to overlook. A staggering number of cyber attacks start by targeting one specific weak point: your employees.
The average user may not be aware of the creative, devious ways hackers work. To give your business an instant cybersecurity boost, start by educating your people.
If you’re wondering what your staff needs to know, you’ve come to the right place. Below, you’ll find several critical tips and tricks any SMB can put into play immediately. While a cybersecurity training session may not be the most exciting way to spend an hour, the stakes are high and the information is priceless.
Be (a little) Paranoid
First, tell your people, candidly, to ditch the “it won’t happen to me” attitude. Even tech-savvy folks get duped from time to time. In the ever-changing world of cyber crime, there’s no room for arrogance. A little paranoia is appropriate.
In general, assume there are people outside your organization who want your data. Assume they want access to your network. Assume they’ll go to impressively creative measures to get it.
That doesn’t mean you have to avoid the internet at all costs. Email, web services and remote access are all necessary tools. You can’t take your business back to the Stone Age and still be successful.
Instead, shoot for balance. Make sure your employees know the same time-saving, profit-generating technology they use every day can be turned against them. Cultivate an awareness of the possibility of cyber attack.
Security is a shared burden. Everyone on the team needs to pitch in.
If you want to see an IT guy cringe, tell him you use one password for everything, and it’s “123456.” When he’s done convulsing, he’ll most likely launch into a tirade about password security (and justifiably so!).
Tech news sites routinely warn of the dangers of using “123456” and “password” for web services, but both of those examples still show up on lists of the most commonly used weak passwords.
What makes for a better password? Several things:
- Passwords should be long. The generally agreed upon minimum length is 12 characters. The shorter the password, the easier it is to crack.
- Passwords should be unique. Don’t use the same password for multiple services. If you do, one security breach can easily turn into dozens of security breaches.
- Passwords should be complex. Include numbers, letters, and symbols. Steer clear of dictionary words as much as possible. And, no, obvious substitutions (like using a zero in place of an “o”) don’t do nearly as much to discourage hackers as one would hope.
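The three rules above, including the point about obvious substitutions, can be checked mechanically. The Python audit below is an added example, not part of the original article; the word list and sample vault are constructed, and `check_password` and `audit_vault` are hypothetical names.

```python
from collections import Counter

MIN_LENGTH = 12  # minimum length given in the article
# Constructed stand-in for a real common-password / dictionary list.
COMMON_WORDS = {"password", "123456", "welcome", "letmein", "qwerty", "dragon"}
# Obvious substitutions (0 for o, @ for a, ...) undone before the dictionary check.
UNLEET = str.maketrans("013457@$", "oleastas")

def check_password(candidate):
    """Return the rules a single password breaks (empty list = passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("short")
    has_letter = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    has_symbol = any(not c.isalnum() for c in candidate)
    if not (has_letter and has_digit and has_symbol):
        problems.append("simple")
    lowered = candidate.lower()
    # "P@ssw0rd" normalizes to "password", so the substitution hides nothing.
    forms = (lowered, lowered.translate(UNLEET))
    if any(word in form for word in COMMON_WORDS for form in forms):
        problems.append("dictionary")
    return problems

def audit_vault(vault):
    """Map each service to its broken rules, adding 'reused' for shared passwords."""
    counts = Counter(vault.values())
    report = {}
    for service, password in vault.items():
        problems = check_password(password)
        if counts[password] > 1:
            problems.append("reused")
        report[service] = problems
    return report

# Constructed sample vault; none of these are real credentials.
SAMPLE_VAULT = {
    "email": "123456",
    "payroll": "P@ssw0rd!2024",
    "crm": "P@ssw0rd!2024",
    "bank": "vK9#tq2LmZ!r7xWc",
}

if __name__ == "__main__":
    for service, problems in audit_vault(SAMPLE_VAULT).items():
        print(service, problems or "ok")
```

Note that “P@ssw0rd!2024” passes the length and complexity rules and is still flagged, both as a dictionary word and as a reused password.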
Of course, passwords also have to be memorable, which is one reason why so many employees use low-security passwords. To get around that issue, consider using a password manager. LastPass, for example, makes it a breeze to up your password game.
Email is a prime point of entry for malware, phishing and ransomware attacks. Seemingly legit downloads and links can lead to epic cybersecurity breaches. Even if your email server scans inbound messages for dangerous content, don’t make the mistake of assuming every clickable option is safe.
Warn your employees to only download files from people and companies they know and trust. Also make them aware of the hazard of links. Cyber criminals capitalize on curiosity to worm their way into networks. No matter how interesting the article, or how cute the kitten pictures, strongly encourage your staff to never click on email links from unknown senders.
Consider the above the big three. If you only have a few minutes with your employees, those are the tips you should share first. If you can carve out a bit more time, here are some other areas worth covering.
- Updates Are Your Friends. Way too many people ignore update notifications. Even if you’re right in the middle of a flow, churning out work, when your software or operating system requests permission to apply an update, do it. Keeping your tools updated is a basic rule of cybersecurity.
- It’s Good to Share. In this case, we’re talking about sharing to a local server or the cloud – AKA, backing up your work. Never rely on a single version of any file. All your data should be duplicated somewhere secure.
- Lock It Down. When an employee walks away from their workstation, they should always lock it. Not only will that protect staff from . . . interesting aesthetic changes applied by coworkers (think David Hasselhoff desktop wallpaper), but it also adds an additional layer of security. Lock computers when not in use, especially if guests are frequent in your office.
- Know Your Network. When you’re mobile, be careful about the Wi-Fi networks you use. Public networks are convenient, but not always safe. Be discerning. And never use an open, unknown network. That’s just asking for trouble.
Go over these cybersecurity tips with your employees, not just once, but repeatedly. Bad cybersecurity habits are hard to break. Frequent reminders will help you close some of the most common holes in your network security, helping to stave off costly attacks.
If you’d like even more help shoring up your cybersecurity, the expert team at CCS Technology can help. We know what it takes to protect businesses. To find out more about how we can help, contact us today.