There are many lessons in life that you learn early about ensuring your personal safety.
When you’re small it’s don’t talk to strangers, as you get older it’s don’t give rides to strangers. As you move into adulthood, you’re warned to lock your doors and be careful who you let into your home.
Securing your business is the next evolution in your security awareness. And while it may seem daunting to think that your business could be hacked or targeted in any way, we’ve compiled a list of six ways you can protect your business, your employees, and your company. If you’re also looking for ways to secure the perimeter of the business with access control, you’ll want to check out this blog.
Step 1. Educate Your Employees (and yourself) On What It Means to be Cyber Secure
Have you noticed lately? Hackers are getting really gooood (in that really bad way). Just today, I noticed no less than 8 phishing attempts in my email.
I’ve always been a bit untrusting and thought I was safe (read: smarter than that), but just a couple years ago, shortly after starting work for a new firm, I completely bought in. I hadn’t seen the “fetching a few credit cards for customers” email scam. I made it all the way to the register before I realized that the email address wasn’t the company syntax. That easily would have made an embarrassing $500 conversation back to the IT team, and I’m a cynic. What about the friendly, trusting, do-anything-for-you types in the office?
According to the FBI, phishing was the most common type of cybercrime in 2020, with over $1.8 billion in losses to businesses. Yikes!
Taking time at the beginning to educate your team, and to circle in your new hires, about the different ways that hackers are accessing business and customer data could potentially save your business millions of dollars. Start early and train often.
Step 2. Securing the Inner Office. Your mom was right, it’s important to keep an organized space.
I’ll say this one gently for those who like to hang with the “my messy desk is a sign of creativity” crowd. Keeping a messy workspace invites issues for data security. Cluttered desks make it difficult to recognize when sensitive data is misplaced or, worse, missing.
While keeping sensitive customer or business information on your desk seems like an obvious issue, most employees don’t think about the inner thief. We’d rather like to believe you can trust everyone too, but that just isn’t the case.
Double that risk if you’re in a medical, financial, or educational industry or on the HR team, where compliance mandates require that personal client information can’t actually be left out in the open. Covering this topic in your training is key.
Remember these workspace safety tips.
- When you leave your workspace, clear your screen. Set your screen to sleep anytime you plan to step away for a few minutes or a few hours. This keeps prying eyes away from information they may not be privy to.
- Keep your documents organized and in folders (or stored digitally with a document management solution) at all times, and keep your mobile phones, USB drives and personal items stored in a drawer where they won’t mysteriously “walk” away.
- Not all businesses offer shredding services for documents, but if you have one, definitely use it before placing documents into the recycling bin. That extra layer safeguards you and your team from exposing information that you’d rather keep a handle on.
- The file room is scary, or at least it can be. Still, close the drawers and lock the file cabinets.
- Make sure your team isn’t writing passwords on visible slips of paper or on any visible sticky notes. (I call them screen decorations, and I still see this done all the time in businesses everywhere. If it’s a secret password, don’t put it where anyone can see it.)
- Visible calendars also hold a wealth of information. Little Johnny’s birthday notice is a quick hint into your potential passwords. That’s before we get to sensitive meetings that may be on your calendar and more. Store it on your computer and lock the screen when you walk away. It’s all about best practices.
Step 3. Beware the Trojan Horse | Protecting from Email Threats
I’ve already shared my personal story about the credit cards. The email seemed close enough to legitimate, even though my boss has never used the word “kindly” to replace “please.” Email phishing is one of the cheapest forms of attack to perform and, sadly, a successful one.
Sensitive details like usernames, passwords and credit card information can be lost to the ever-evolving email hack. They’re getting pretty sophisticated.
You’ll want to have your team watch out for embedded links, malicious attachments and, my personal favorite, the spoofed email. (If you’re wondering, the spoofed email reads like it’s coming from someone you know, but the email address is completely wrong. I’m a believer in trusting your gut with these: if it feels off, it probably is.)
While I send most phishing attempts to trash, or I simply ignore them, others I pass onto the IT team for verification.
NEVER EVER CLICK THE LINK.
Step 4. Help Me Help You | Cybersecurity Due Diligence
You can help yourself here. If these tips seem a little obvious, know they exist because someone in an office somewhere didn’t know them. Sharing your tips with everyone on your team will only make you stronger on the whole.
So, don’t reveal sensitive information.
Not your personal information, your financial information, none of it. If a stranger asked you for personal information, you probably wouldn’t give it out. The same goes for email.
Look for security signals.
The website URL (on the page or the hyperlink) can tell you a lot. Google generally won’t give credit to websites that aren’t secure and don’t show the “https” (the “s” being key) in the URL structure. Without the “s”, the indication is that the site doesn’t keep the security standards that ensure your business is secure.
Watch the URL
Much like the spoofing of an email address, some nefarious websites look close but aren’t quite there when it comes to accuracy. Variation in spellings or even domain variations like .net vs .com can be the difference in a good experience vs a costly one. Double check if you aren’t sure.
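The near-miss check described here, and the spoofed sender address from Step 3, can be automated. The sketch below is an added example, not part of the original post; the `TRUSTED` list, the function names and every sample address in the test values are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the domains your organisation really uses (constructed sample value).
TRUSTED = {"example.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(value):
    """Pull the host out of a URL or out of a 'Name <user@host>' sender field."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1].strip("<> ")

def classify(value, trusted=TRUSTED):
    """Return 'trusted', a 'lookalike: ...' reason, or 'unknown'."""
    host = domain_of(value)
    # Exact match or a genuine subdomain of a trusted domain.
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    for good in sorted(trusted):
        name, _, tld = good.rpartition(".")
        host_name, _, host_tld = host.rpartition(".")
        if host_name == name and host_tld != tld:      # .net vs .com
            return f"lookalike: same name, different ending ({host_tld} vs {tld})"
        if edit_distance(host, good) <= 2:             # spelling variation
            return f"lookalike: near-misspelling of {good}"
        if good in host:                               # trusted name used as a prefix
            return f"lookalike: {good} buried inside another domain"
    return "unknown"

if __name__ == "__main__":
    # Constructed samples: one genuine sender, three lookalikes, one unrelated.
    for sample in ["Boss <boss@example.com>", "boss@example.net", "boss@examp1e.com",
                   "http://example.com.login-check.test/reset", "news@shop.test"]:
        print(f"{sample:45} {classify(sample)}")
```

An "unknown" result only means the domain does not resemble a trusted one; it still deserves the scrutiny described in the next tip.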
Trust, but Verify | Suspicious email requests come from all over.
Any email that requests sensitive information should be scrutinized. Period. Once your team gets the hang of it, that scrutiny can take seconds. In the meantime, take the time.
Like Your Car, Your Computer Needs Maintenance
Well, maybe not maintenance, but definitely updates. By using the latest operating systems, software, web browsers, and antivirus and malware protection, your system will stay clean and organized, and less likely to be caught in the net of old phishing practices.
A whopping 96% of data breaches come through email. 96%. Train your team, save your business. (Verizon’s 2021 Data Breach Investigations)
Step 5. Username & Password Management | The Phrase that Pays
Personally, I’m still a little surprised that this isn’t clearer to users. Easy passwords are easy to hack. Period. An old IT Manager friend and I commiserated on this for a larger company. Too many people feel like the password isn’t important because they don’t feel like they have any information worth hacking. Maybe, but your company certainly does, and they only need one entry point.
My recommendation is to use phrases and numbers. Phrases are harder to guess and if they’re personal to you, nearly impossible to guess. Your favorite football team and the year you graduated, not quite so hard to figure out.
Definitely don’t use “password” for your password…it’s not actually clever.
Step 6. Mobile Device Security | Bring your Own Device Challenge
Securing the endpoints of a multitude of different devices on different networks is no piece of cake. Add the challenge of lost, missing or stolen devices, mobile malware, or unsecured third-party apps in your environment and you have the recipe for breaches company-wide. Then add the challenge of open WiFi networks to operate all those devices. Well, headaches for sure.
Coach your team on securing all of their devices.
- Set PIN or Passcodes for each of them – simple, but effective.
- Use remote locate tools – always know where your company devices are, and don’t negotiate on this.
- Keep all the devices clean – we’re back to updates and antivirus scanners.
Bring In an MSP Partner | If You Need Help, Be Comfortable Asking For IT
Mobile Device Management solutions can help your team steer clear of bad actors and hacking attempts.
There are challenges aplenty for today’s business owner. The good news is that you aren’t in a situation where you have to manage them alone. There is overwhelming value in employing an MSP (just search Managed Solutions Provider near me) to help keep your team and your devices out of the grips of hackers. Often, those Managed IT Service providers will even offer training to your business, to help all employees recognize and avert malicious attempts.
MSPs offer services to update your devices, install and manage security software, perform security assessments to ensure your data environment is secure, and more. The landscape is changing, and will always change, but with these tips we hope we’ve helped you understand some of the issues out there and how to navigate them.