Skip to main content Skip to footer
Toggle navigation
Call Us

Category: Digital · 6 min read

Get Serious About Cybersecurity

author profile photo

on September 10, 2019

author profile photo

on September 10, 2019

Group of professionals problem-solving on computers

Cybersecurity can seem like a complicated technology term that doesn’t apply to you, but it’s real and it’s essential to your business today.  

Why? Because 43% of all data breaches targeted small businesses.1 

And they aren’t cheap. The average amount stolen from a business email breach is $24,439.1 

Here’s a common example of where cybersecurity can help prevent a breach. Say you get an email from someone you know, and they’ve sent you a document. But you weren’t expecting them to send you anything. But hey, you trust them, and they probably sent you something that you will need. So, you open the attachment. 

BAM! Wrong move. It’s a fake email, and it takes you to a malicious site that immediately gets your information and possibly access to your accounts. You’ve created a security breach, just like that. You see, that email was a phishing email (which we’ll explain in more detail in a minute), and it could’ve been easily prevented with some cybersecurity training.  

So, is your business secure? How do you know? 

Securing your business is something that requires constant attention, because hackers are constantly evolving and changing their strategies. As the cybersecurity world changes, your business practices and policies should, too. 

Here are some steps you can take to start securing your business today.  

Is your business secure? How do you know?

Stop Clicking on Unexpected Emails 

One of the most frequent ways hackers try to break in to your business digitally and steal information is through phishing emails. Phishing emails are fake, malicious emails that try to entice you to click on a link, download a file, or give confidential information about you and your business. These attacks are the entryway to stealing your information.    

A recent study discovered that 76% of people said their organization experienced a phishing attack in 2017.2 

And maybe the worst part is that these emails look real. Hackers are very good at making phishing emails look like a normal email, but usually there are a few tell-tale signs that you can spot. Here are some of the most common ones:  

  1. It’s sent from an unusual email address. Looking at the sender’s email address can be a clear giveaway that it’s a phishing attempt. Often, part of the email address is incorrect, is spelled wrong, or is a different address entirely. 
  2. There are strange attachments. Before you open any attachments in an email, take a closer look at them. Often, hackers hide malware inside them, which is software that can infect your computer and take your personal data. Many times in a phishing email, the attachment will have an odd name or it will be a unique file type, like HTML.  
  3. Misspelled words and grammatical errors. Phishing emails usually have some spelling errors or grammatical mistakes. If you see a misspelled word, it could be a red flag. 
  4. Different domain names. Some phishing emails try to get you to click on a link, but often the link connects to an unexpected website or file. For instance, it may say that it’s taking you to a Dropbox folder, but instead you go to a completely different website. So, before you click on links, hover over them and make sure the URL matches what the link says.  
  5. URGENT! Hackers like to create a sense of urgency in phishing emails, by telling you that it’s time-sensitive, and you need to act today. Don’t rush. It’s important to slow down and take your time.

Above all, be cautious, and take time to evaluate links and attachments in emails before you click on them. If you’re in doubt, don’t click. Instead, contact the email sender and verify that they actually sent that email.  

 

Install Some Basic Securities  

Before we get into the details about how hackers are trying to attack your business, we need to talk about a few basic security measures you can take. Think of this as your first line of defense. Keep in mind: if any of this seems too complicated (and it easily can), you can reach out to a local IT or technology company to help you install these security features.

First, there’s a firewall, which is the foundation to keeping your network safe from unauthorized access. It’s a hardware or software program that can block untrustworthy outside networks. Business-class firewalls take it a step further by blocking dangerous websites and providing in-depth reports about visited websites and bandwidth consumption. 

This goes hand-in-hand with network monitoring, which is a separate software that gives you a real-time view of who’s on your network and what sites they’re visiting through an easy-to-use dashboard. This is where an IT professional can come in handy, and can set all of this up for you.  

Another way to protect your business is to implement wireless security, which is a set of protocols to help keep your network and devices safe. This means requiring login credentials for accessing your Wi-Fi, and protecting your network by offering a guest access option. Setting up these security measures could be the difference between getting hacked and safety. Getting this up and running is doable by yourself, as long as you have an internet provider and a router.   

 

Evaluate Your Passwords 

How strong is your password? Your password is very important when it comes to your business’s security. If you aren’t following these password best practices, then you should strongly consider changing your password immediately.

Your password should: 

  • Be a minimum of eight characters long 
  • Be a unique passphrase that includes special characters 
  • Not include your birthday or phone number  
  • Not include part of your name 

Password keeper sites can also be a valuable resource, but be careful what sites or apps you use. Some of them are out to steal your data and passwords. I recommend Okta, which is a simple way to log in to sites you frequently use.  

Another good guideline to follow is to add variation to each of your passwords for each site. For example, use a different number, special character, or maybe a different password entirely. At the end of the day, you don’t want hackers to be able to crack your password. So, crafting a strong password is key to protecting your business.  

 

Implement Multi-Factor Authentication 

Passwords are one way to protect your accounts and information, but let’s take it a step further. You can make yourself even more secure by implementing multi-factor authentication (MFA), which requires more than one method of authentication to log in. So, your password is the first line of defense, but then layer on additional measures, such as a security question, an icon, or a verification code. Basically, MFA is another step you take to ensure that it’s really you that’s logging in.  

This is one of the most-effective cyber-defenses out there right now, and can prevent hackers from gaining access to your private information.  

 

Watch out for Ransomware 

Another way that hackers and cybercriminals attempt to get your business and personal data is through ransomware. It is what it sounds like: an attack that takes your data or files and holds it hostage, essentially kidnapping it, demanding a ransom in order for you to get your information or files back.  

Ransomware usually comes from clicking on links or attachments in phishing emails, so this is another reason to be careful with the emails you receive. If you do get attacked by ransomware, and they demand payment, don’t give in. Don’t pay them. Instead, disconnect the infected device and then report the ransomware attack to your local law enforcement.  

 

Be Cautious of Evolving Threats 

Hackers are smart, and they’re upping their game to trick people. The same phishing email concept has also been applied to texts and direct messaging on social media. Be on the lookout for suspicious and unexpected messages and texts, and make sure your social media passwords are strong and secure.

Hackers are also testing us. They’re learning more about how we behave online and what will garner a response. In other words, they’re getting to know their target audience. This means phishing emails will look very real, and will appear to come from people you know. Your friends’ email accounts are getting hacked, and they are using that as bait. In other words, cyberthreats and attacks are ever-changing and evolving, so it’s essential to stay aware of what’s happening, so you can keep your business protected. 

 

Create a Privacy Policy 

One last vital cybersecurity measure to take is to create a detailed privacy policy. This is to remind you and your employees how to handle data, internet usage, and passwords on your work devices. In fact, a lot of what we just talked about could be used as a template as you build your own privacy policy.  

Your policy should include: 

  • How to keep your data safe 
  • How to create a strong password 
  • How to detect common cyberattacks, like phishing emails and ransomware 
  • How to maintain proper internet usage 
  • How to properly use work devices 
  • How to install software updates and patches 

Having a privacy policy in place and communicating it to your employees can make sure that everyone is equipped and able to identify potential attacks.  

Cyberthreats and attacks are ever-changing and evolving, so it’s essential to stay aware of what’s happening, so you can keep your business protected. 

Keep it Safe 

All of these technologies, safeguards, and best practices rely on one thing: you. At the end of the day, you are ultimately responsible for keeping your business safe and secure. You are the first line of defense. IT measures can help alert you, but it can’t stop hackers from getting your information. Only you can. That’s why it’s important that you know the signs of a cyberattack, so you can protect your business from harm. 

 

Sources: 

1. Verizon. “2019 Data Breach Investigations Report.” 2019. https://enterprise.verizon.com/resources/reports/dbir/2019/summary-of-findings/ 

2. Bisson, David. “Three-Quarters of Organizations Experienced Phishing Attacks in 2017, Report Uncovers.” Tripwire. Jan. 2018. https://www.tripwire.com/state-of-security/security-data-protection/three-quarters-organizations-experienced-phishing-attacks-2017-report-uncovers/ 

#19-0561-090420 

Share This Post

Interested in Building Your Digital Presence?

Profile picture for user rkalber
Written By

Ross Kalber

Chief Information & Operations Officer

Ross Kalber is the CIO/COO of Brokers Financial. With more than 25 years of experience working for companies like The Weather Channel and GamePlan Financial Marketing, Ross is focused on emerging technologies, cybersecurity, AI, and leveraging technology to help businesses achieve their fullest potential.

View All Posts

Recommended Posts