It’s easy to think about 2020 as being one of the worst years in recent history, but a closer analysis reveals a different trend. While we don’t dismiss the difficulties of 2020, 2019 also started on the wrong foot.
The only difference is that the negative effects are less visible and more long-term. Both 2018 and 2019 registered a rise in cyber threats and illegal cyber activities, culminating in the release of a huge database of emails and passwords in January 2019. The trend continued throughout the year, as this is valuable data that can be used to inflict harm for years to come.
But it’s not just individuals who are at risk! The last couple of years showed small and medium-sized businesses (SMBs) getting hit hard by ransomware, malware, and phishing. SMBs are somewhat easy targets because they pay less attention to cybersecurity measures and protocols, thinking they are too small to be of interest.
But ill-intended actors know that even small businesses can have access to significant amounts of money or useful client information.
That’s why good cybersecurity protocols and practices matter! We will discuss the most important steps any business must take into consideration and how to implement them at an affordable cost.
#1: Manage the Human Factor
The COVID-19 pandemic exposed one of the biggest vulnerabilities of most businesses everywhere – working remotely. In addition to this, hackers took advantage of the general anxiety and fear by impersonating trustworthy organizations (like the WHO or even governmental organizations).
It may sound insensitive, but the 2020 pandemic is not a novelty for threat actors. They are always active and try to take advantage of any catastrophe or event they can. As such, regardless of size and importance, no one is safe. However, most attacks focus on easy-to-conquer vulnerabilities and the human factor.
Phishing, malware, and ransomware attacks are successful because someone clicks on something they shouldn’t have and introduces the ill-intended software into the system.
For instance, at the beginning of the pandemic, ill-intended actors took advantage of people’s need for information by sending emails that looked official (usually designed as coming from the government or the WHO). Once clicked, the link would take the user to a phishing page where they could be asked to provide credentials (for logging in) or financial data (for donations or more).
Given that many people who worked from home had to use their personal devices, this also exposed businesses, as bad actors had access to their network and thus any unsecured files. But there’s also the version where people accidentally share a confidential document with everyone else or send it to the wrong people.
What to Do
To prevent all of this, it’s crucial to have a well-designed system, where each employee has specific access rights. This way, even if something happens, the malicious software can’t reach the core of your company.
The company should also have strict rules and protocols regarding sharing, working on collaborative documents, and overall handling of sensitive information.
Lastly, it’s important that all employees know and understand the risks so they can proactively avoid them (at home and at the office). For instance, a business could enroll its employees in online cybersecurity classes.
#2: Data Backup
Data backup is one of the most effective measures to protect your company from ill-intentioned attacks.
If the company website is attacked, you can quickly put it back online using the latest backup. This means there will be minimal downtime with minimal losses to your profits. The same goes for your internal systems and databases.
Backups are also useful in case of device malfunction and/or updates or if one or several devices get stolen.
Quick note: if your employees work mostly from a remote location and/or are in the field a lot (delivery couriers, sales agents, and so on), it’s important to provide them with disposable secure devices. These devices need to connect to the main database and should only work online, without storing any important information locally. This way, if one gets stolen, the thief can’t access your company’s information.
What to Do
Companies must have a well-designed backup system that uses several methods. Backing up should also be a regular process, with regular checks that the data can actually be restored from the backup.
Lastly, you shouldn’t keep all your backups on one server or storage device, and under no circumstances should you store backups in the same location as the database being backed up!
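To make the "regular checks" above concrete, here is an added example (not from the original article) of a restore check in Python: it records a SHA-256 manifest when the backup is taken, then reads every file back out of the archive and reports anything missing, altered, or unreadable. The function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path

def make_backup(source, archive):
    """Archive every file under `source`; return a manifest {relative path: SHA-256}."""
    source, manifest = Path(source), {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(source.rglob("*")):
            if path.is_file():
                rel = path.relative_to(source).as_posix()
                manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
                tar.add(path, arcname=rel)
    return manifest

def verify_backup(archive, manifest):
    """Read each file back out of the archive and compare it with the manifest.
    Returns a sorted list of problems; an empty list means the backup is restorable."""
    problems, seen = [], set()
    try:
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar:
                if member.isfile():
                    seen.add(member.name)
                    digest = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
                    if manifest.get(member.name) != digest:
                        problems.append(f"changed or unexpected: {member.name}")
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        problems.append(f"archive unreadable: {exc}")
    problems += [f"missing: {name}" for name in manifest if name not in seen]
    return sorted(problems)

def demo():
    """Constructed sample data: verify one good archive and one that lost content."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp, "data")
        (data / "clients").mkdir(parents=True)
        (data / "invoice.txt").write_text("constructed invoice 001\n")
        (data / "clients" / "list.csv").write_text("name,email\nExample,user@example.com\n")
        manifest = make_backup(data, Path(tmp, "good.tar.gz"))
        clean = verify_backup(Path(tmp, "good.tar.gz"), manifest)
        # Constructed failure: an archive lacking one file and holding altered content.
        (data / "clients" / "list.csv").unlink()
        (data / "invoice.txt").write_text("altered\n")
        make_backup(data, Path(tmp, "bad.tar.gz"))
        damaged = verify_backup(Path(tmp, "bad.tar.gz"), manifest)
    return clean, damaged
```

Store the manifest separately from the archive, and run the check against every copy of the backup, including the off-site one.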
#3: Secure Your Devices and Network
Proper security protocols require several layers of security starting with each device and ending up with the network.
An unsecured network can be easily penetrated with a targeted phishing, malware, or ransomware campaign. As such, each layer of security makes it increasingly difficult for bad actors to meddle in your business, which makes most lose interest.
What to Do
Here are some of the steps to take to make sure your network and devices are secure:
- Make sure your software is up to date (no clicking on Remind me Later when a new OS update shows up)
- Install reliable security software (anti-virus, anti-spyware, and anti-spam filters) on all devices including routers.
- Set up a strong firewall (you may need professional help for this)
- Turn on spam filters – this action reduces the number of phishing emails received by your employees
- Turn network encryption on and use it to send confidential or sensitive information
- Implement two-factor authentication for important accounts and access to sensitive files and folders
- Have a centralized password management system – passwords should be generated automatically using a reliable system and stored in the browser or using a password manager tool that automatically fills in the credentials. This way, your employees can’t leak the passwords and bad actors can’t break them.
It’s easy to get wrapped up in the cost and resources required by a secure system. However, the cost of recovering from an attack is much higher, and in some cases it can cost your business its reputation as well.
Overall, cybersecurity may be a rather costly initial investment but you only have to do it once. Of course, every system needs maintenance and it’s important to have at least one professional available for help, but it is a cost you can’t afford to delay.
— — —
Oli is a working mum who has a passion for teaching and all things educational. With a background in marketing, Oli manages the digital channels and content at Courses.com.au.