Today’s businesses are under attack—and this time, millennials aren’t the culprit. Instead, small and enterprise businesses alike are the target of sophisticated cybercrime, designed to steal data and siphon money right out from under their noses.
Unfortunately, too many businesses operate with few cybersecurity protections beyond basic spam or anti-malware software. This leaves them exposed to attack, which is a bit like living on top of an active volcano: It’s only a matter of time until the whole thing blows. Insecure networks, poor password hygiene and employee naivete can sink an organization in a matter of minutes, costing millions of dollars in damage.
Lest you think we’re being overly dramatic, consider the statistics:
- A total of 60% of cybersecurity victims go out of business within six months of an attack.
- The average total cost of a data breach is almost $4 million, or $148 per record.
- Most organizations lose business following a cyberattack, which costs an additional $4.2 million on average.
Fortunately, there’s a silver lining to that very dark cloud. Simply put, businesses that actively work to prevent and contain cyberattacks are much less likely to suffer their worst effects. And many of these efforts are simple enough to enact—even without the help of an IT services provider. Here are five of the most effective:
Keep software up to date
Software updates aren’t just annoying popups; many developers release patches to address cybersecurity flaws as they are identified, so if you’ve been ignoring application or OS updates, it’s time to get those installed. Task an employee with checking company devices for software updates. Alternatively, you can invest in online applications—such as Microsoft Office 365—that push updates automatically, so you don’t even have to think about them.
Use two-factor authentication
People are pretty terrible at passwords. It’s 2019, and “123456” and “password” are still topping lists of the most commonly used passwords. Basically, if there were a Billboard list of awful passwords, these guys would have hit triple platinum.
Don’t let a poorly chosen password be all that stands between you and hackers. Instead, opt for two-factor authentication (2FA) to add an extra layer of security to your passwords. 2FA requires a second set of credentials (a PIN sent as a text, for instance), so a hacker who cracks a password still can’t log in with it alone. There are many 2FA programs out there, such as RSA Authentication Manager or SecureAuth IdP, which can help you configure 2FA on business applications. However, many commonly used programs, like Google Mail and Office 365, have built-in 2FA features that you can turn on by changing your application settings.
Train your employees
All the security technology in the world won’t help you if your employees are unwittingly undoing your efforts. Indeed, many of the biggest breaches in history started with a phishing email; with one click, an employee can unthinkingly surrender access to credentials, networks and privileged data.
With this in mind, employees should be taught to practice good cybersecurity behavior, such as not clicking on links in email, not sharing application passwords and not logging in remotely over untrusted Wi-Fi. Those lessons should be reinforced, too! Rather than conducting a one-time or annual training, make cybersecurity education an ongoing practice with supplementary refresher courses and reminders.
Back up your data
You have a spare copy of your house key, so why wouldn’t you keep backups of the data you rely on every day to run your business? Backing up operational data will give you leverage in the event of a ransomware attack, a common technique targeting healthcare organizations and other businesses with access to sensitive information.
If you have backups in place, hackers won’t be able to lock you out of your data because you can simply revert to those backups and call it a day. Double down on this effort by asking your IT services provider to add encryption to sensitive data as well—no measure is too extreme when it comes to protecting your assets.
Create an incident response plan
Time is of the essence during a cybersecurity event, as identifying threats early keeps hackers at bay and limits the scope of the damage. During such a high-pressure event, however, it can be difficult to know what to do first. That’s why many companies create an incident response plan to help steer the course during a cybersecurity attack.
These plans detail key stakeholders and contact information, such as the number of a computer forensic consultant or legal advisor. They also help team members locate the source of a breach—the “patient zero”—and decide how to react. According to IBM’s research, companies that had such a plan in place were able to identify risks faster, ultimately saving an average of $14 per data record.
An IT services provider can help you create these kinds of recovery plans and get you back on your feet after an attack, and they can also initiate preventive protections like firewalls, email filtering, threat detection and more. They can even take the lead on employee cybersecurity training, creating valuable resources that will help you get all your team members on the same page.
You don’t have to wait until you engage an IT services provider to start fighting cybercrime, though. Download our free cybersecurity bundle and get the ball rolling today. When it comes to your business security, you are the master of your own destiny.