In its 2022 Cost of a Data Breach Report, IBM says 83% of all companies will suffer a successful attack at least once, often multiple times, at an average cost of more than $9 million apiece for American enterprises.
That’s a broad brush, of course, but the point remains that whether the bad guys make off with customer data that they can then sell or with cash itself – either by raiding a bank account or collecting ransom that must be paid for vital systems to be freed – cyberattacks can seriously damage, and not infrequently shut down, small businesses across the country.
Of course, most businesses can’t live without the internet, so as your trusted internet provider, we want to share some basic information on how you can stay ahead of these constantly evolving threats. It begins with having a security policy that spells out risks and rules.
Secure Your Passwords
Experts estimate that up to 80% of all breaches occur because of password hacks. Create and enforce a password policy.
That should include, at a minimum:
- Requiring eight to 12 characters that mix numbers, letters, and symbols.
- Requiring regular password changes that don’t allow re-using old passwords.
- Requiring password management software while banning keeping them in writing on or in a desk.
- Using dual authentication tools that require a code be sent to a user’s mobile device after the successful password is already entered.
Educate Your Employees on Phishing
Regularly remind your employees that no one will ever request their password or any other sensitive company information by phone, text, or email. That’s how phishing succeeds. Spear phishing can be particularly dangerous: that’s when the attackers use easily accessed, often public information to target the spoof email at an individual employee while posing as a friend, peer, or supervisor. (You also might see the term “whale phishing.” That means the CEO or other top executive is the recipient of the phishing.)
Regularly remind your people and yourself to avoid clicking on links in any text or email that’s from an unknown email address or phone number. Look closely and twice: cyber thieves often use email addresses and phone numbers that resemble that of senior managers or close colleagues.
Such clicks are a great way to let in a virus or other malware that can hijack your system to participate in further attacks without your knowing it, expose your proprietary customer and company information to a breach, or end up in an expensive, even crippling, ransomware attack on your business itself.
Limit User Access and Devices
Your security policy should also spell out what devices are included, including any private phones, laptops, and tablets they use to do company work.
The more people have access to your software and systems, the higher the risk. Numerous enterprise management tools can limit authorizations to only those applications each user needs to do their jobs.
Also, either limit access to only company-issued devices or require employees who use personal devices for company business to follow the same policies for password and data protection on those individual devices.
Use Virtual Private Networks
Virtual private networks (VPNs) create a private pipeline for your system to move data back and forth among your off-site users, your data warehouse (whether on-site or in the cloud), and everyone and everything you communicate digitally with, including customers and all those business applications (still often referred to as Software-as-a-Service, or SaaS) that you use daily but, again, live in the cloud.
By the way, the owners of those cloud sites are some of the largest, most sophisticated internet-based businesses in the world. Using VPN connections to and through them helps secure your operation.
Fire Up Your Firewall
Firewalls have been around for a long time. They were one of the first responses to the emerging business of cyberattacks. They’re filters in your on-site IT infrastructure that inspect incoming and outgoing traffic for computer viruses and other malware.
These attacks can cripple your system and allow access to customer data, and worse, the bad actors don’t even need anyone to click on an infected link to do their dirty work. Firewalls can help mitigate that risk, but you must keep them updated.
Keep Up With Patches And Fixes
It can be tempting to ignore all the updates and patches that your operating system and myriad other enterprise-level software systems send or alert you to download. Don’t.
Those fixes come from experts who spend their days analyzing the changing attacks from cyber crooks who are constantly trying to penetrate your software and hardware.
To learn more about our high-speed internet for your business and how we can support your cybersecurity efforts, contact us at 1-800-432-8294 or email [email protected]. Or see us online at sttelcom.com/business. We’re proud to keep Western Kansas homes and businesses connected!
