The following is a guest post from Paladin IT on cybersecurity tips and practices to help protect your business.
1. User Awareness and Education
55% of small businesses experienced a cyber-attack in the last year, and 90% of successful data breaches and ransomware infections involve errors by users. Inform and educate your employees about the risk of phishing and other cybersecurity intrusion techniques. Train them to look for the signs of various attacks.
2. Anti-Virus is No Longer Sufficient Protection
Cyber attacks have become more sophisticated. Everything from the sender’s email address to links in emails and document attachments is now suspect. Protect against these risks by using security software that includes DNS filtering to block fraudulent websites/links in an email. NEVER open an email attachment/document unless you know and trust the sender. Never open email attachments purporting to be invoices or orders from a company you’ve never done business with.
3. Don’t Be Foolish with Passwords
- Don’t use passwords such as “password”, 12345, 123456, etc. These are at the top of the list of commonly used passwords. Use complex passwords with numbers, letters, capital letters, and special characters.
- Don’t use the same password for every website or account.
- Use a unique password for each financial, company, or other key account.
- Use a password manager such as LastPass, Dashlane, RoboForm or other well-known managers.
- Force your employees to change their passwords regularly.
4. Use Public WiFi Carefully
Free or even paid Wi-Fi services at coffee shops, restaurants, and even hotels can be spoofed or faked by hackers. NEVER access company or financial information via these connections. The safest way to use them is with a Virtual Private Network (VPN), which is software that encrypts your communications and renders them unreadable to others. VPNs are standard on business-level routers, and VPN software can be purchased by individuals to secure their communication when using public Wi-Fi.
5. Backup, Backup, Backup
The last line of defense for a small business is to have a comprehensive backup & disaster recovery (BDR) plan in place. At a minimum, all of your data should be backed up and stored in multiple locations (locally and offsite and/or in the cloud). A business, even a small business, should also back up its entire systems (operating system, settings, and data) to facilitate fast recovery from a cybersecurity breach. Finally, any business that would be seriously impacted by the inability to use its systems and data should have a disaster recovery plan that allows for its systems to be recovered or run from another location. This is critical in cases of loss due to natural disasters, fires, theft, etc.