It’s one area where “It can’t happen to me” is definitely wishful thinking.
No company is too small or insignificant to escape this risk. According to one study, small business accounts for 43 percent of all cybercrime.
1. Learn how to spot malicious emails. Check the email address of the sender: if it seems inauthentic, it probably is. Look for keywords used by cybercriminals (such as “urgent invoice”). Also look for poor grammar or spelling or unusual company logos.
2. Secure passwords. Make sure employees use complex passwords, including upper- and lower-case letters along with numbers and symbols. Although it probably won’t be popular, ideally employees should change their passwords monthly.
3. Limit employee access to sensitive data, which doesn’t have to be accessible to everyone in the company. Provide information to employees on a need-to-know basis.
4. Invest in experts. As many as 60 percent of small businesses go under within six months of a cyberattack. More and more companies are taking out cybersecurity insurance or using SSL certificates, which are “small data files that digitally bind a cryptographic key to an organization’s details.”
5. Back up everything twice. Organizations should know exactly what data they need in order to face cybersecurity risks. Delete files that are no longer necessary, and back up those that are.
6. Plan for the worst. What kind of strategy does your company have in place for dealing with ransomware attacks? In these cases, first responders are of primary importance. The more detailed your plans are, the more useful they will be in the event of a crisis.
7. Secure Internet of Things (IoT) devices. Those that are most vulnerable are those with passwords or devices that cannot be patched with the latest software updates. IoT security startups typically provide visibility into unmanaged devices and make it possible to prohibit access when required.
To these, we could add two more:
Have a person in place who knows what they’re doing. Have at least one person, ideally in IT, who is responsible for cybersecurity, monitoring updates in the field, and knowing how to deal with threats as they arise.
Pay attention. Employees often know the basics of cybersecurity, but they don’t always remember them when confronted with a string of emails. Make sure that cybersecurity is at the back (if not the front) of everyone’s minds as they deal with routine tasks.