By Ademola Alex Adekunbi — ENTREPRENEUR LEADERSHIP NETWORK CONTRIBUTOR — Founder of Tech Law Info
This story was first published on Entrepreneur.com.
As the year comes to an end, cybersecurity remains top-of-mind for business owners around the world. The year marked an increase in the amount of fraud perpetrated against small businesses, but especially small- and medium-sized businesses (SMBs). A report by Interpol from earlier in the year showed that cybercriminals have been expanding their attacks against targets from individuals and small businesses to major corporations, governments and critical infrastructure. As highlighted by The Wall Street Journal, ransomware and malware attacks have also been increasing drastically.
There are many factors responsible for the marked increase in cyber fraud and malware attacks this year, but the fact that most people have been and are still working from home is likely to be a major contributor. Unlike at work where it is easy to reach out to the IT staff for guidance on what actions to take should a situation arise, many are simply adopting a DIY attitude, and thus making more mistakes. Also, there have been many disruptions in how businesses operate, thus making it easier for bad actors to convince people to depart from the established protocol. Here are three strategies you can adopt to safeguard your business going forward.
1. Keep your systems safe
Most cyber attacks come in the form of software that is installed on your systems through one form or another, and you can reduce the risks of such attacks dramatically simply by ensuring that you have the proper antivirus software installed and updated. The latter part is particularly important because there are new viruses being developed and sold on the internet every day, and if your antivirus software is not kept up-to-date, it might simply miss a piece of malware.
It is also important to make regular backups of important data and to have strong passwords in place across all of your devices. Sometimes, all it takes for an attacker to gain access is one device used by a staff member deploying a weak password or failing to avail themselves of multi-factor authentication on devices and accounts. Even if your organization is not large enough to have a full-fledged IT department, it’s important to coordinate your staff to ensure they are taking the steps necessary to keep your systems secure.
2. Internet security training and processes
Although the common perception of hackers is that they sit in front of monitors with long lines of green code running down their screens as they use brute force attacks to force their way into a target network, that is simply not the case in many instances. Today, many cybersecurity attacks come in the form of social engineering using carefully crafted emails and calls designed to trick your staff into granting access to the hackers either by installing malware or giving up credentials on webpages controlled by the hackers.
“Businesses must be aware of social engineering tactics and train all of their staff on how to identify and combat them,” says Joseph White, CEO of LookupAmerica. “Something as simple as mandating that staff take the time to cross-check the sender of an email, or whether a phone number has been marked as spam by other users, can significantly reduce the chances of a successful attack. The overarching principle in social-engineering prevention tactics is to get your staff to pause, review and verify requests before responding with any information — no matter how innocuous — since hackers often get seemingly mundane information from multiple sources which, when added up, could expose confidential data.”
3. Conduct regular audits
As with any other kind of audit, the purpose of a cybersecurity audit is to evaluate your records for red flags that indicate whether any part of your system has been compromised. In addition, the audit should include a review of your administrative processes and staff behavior to see if there is anything that needs to be changed to further secure your systems and prevent compromise in the future. Typically, you would need to hire professionals to do this, but the expense is well worth it to prevent successful cyber attacks.
The scope and frequency of the audits will vary depending on your specific circumstances, with ecommerce websites being at the top of the list because apart from your own financial information, you have access to the financial information of your customers and losing it to hackers could result in serious liability for you. Apart from checking for malware and vulnerabilities generally, key things to look out for include whether your payment systems are PCI-DSS compliant and whether your SSL certificate is current and functional.
Here's to hoping you, and your business, have a happy and safe new year.
Opinions expressed by Entrepreneur contributors are their own.