A recent release by the BC Chamber of Commerce showed that as many as 61% of businesses have reported experiencing a cybersecurity incident. This is a particularly troublesome problem for small businesses, especially if they do not have dedicated IT security professionals on staff.
One of the most menacing problems of late is the threat of a ransomware attack. In such a case, hackers or malware break into your systems and can deny access to your devices, software, or files unless a sum of money is paid. Aside from the potential security and financial loss, such an attack can be costly to reputations, especially if you’re dealing with sensitive information such as personal, legal, or financial data.
Fortunately, there are a few simple steps you can take to protect yourself, your business, and your devices from cyberattacks – even if you don’t have a dedicated IT team.
Keep software up-to-date
It may seem quite simple, but making sure that you have the most current version of your software is always good practice. Software developers and companies are always testing and upgrading their programs to build in better protections and address weaknesses.
Cyber thieves and hackers adapt and learn quickly, but they often rely on known weaknesses in older versions of software. Updating your software and applying patches when available are good ways to keep ahead of them. But remember: only update from trusted and reliable sources, and if you have suspicions, ask your software provider.
If you’re using cloud software solutions, most updates are automatic and deployed by the software provider without requiring you to take action. But even then, there are a few things you can do to protect your subscription and your work – the next two points in particular address those.
Create strong passwords
Passwords are your first line of defense against cyberattacks and the stronger the password, the better. Make sure to reset passwords for any new devices, online accounts, or software tools. Current best practices on creating passwords include using a long combination (12 characters or more) of uppercase and lowercase letters, numbers, and symbols or punctuation such as “#”, “@” and “!”. You should also use a different password for each account and change your passwords on a regular basis.
The more difficult it is for hackers to get into your systems, the quicker they’ll give up and move on. Never use anything that would be too easy to guess, such as a birthdate or your company name. These are things that hackers can readily uncover without much hassle. And believe it or not, one of the most commonly used passwords is the word “password” itself. Biometric authentication, such as fingerprint ID or facial recognition, is a powerful cybersecurity tool where it is available.
Also, never write out passwords or store them in a digital form. It is too easy for them to be discovered or compromised if you’re attacked. Additionally, be sure to change passwords and program access whenever you have a change in staff.
If you have a lot of accounts and passwords to manage, you might consider using an online password manager that creates and stores encrypted passwords for your accounts. These tools generate complex passwords for each of your systems, making it difficult for cyber criminals to hack passwords and gain access. Some are free while others require a paid subscription.
Enable multi-factor authentication
When and where available, make sure you set up the multi-factor authentication methods that have been created and implemented by manufacturers and developers of your devices and software. Known as MFA or two-factor authentication (2FA), this is an electronic authentication method that requires a secondary means to identify and verify your right to access an account or a device.
This usually includes attaching a cellphone number or email address to your account. If a suspicious login attempt occurs, you’ll receive a notification on your phone or by email. If you or a member of your team didn’t make the request, you’ll know someone is trying to access your account. You may also be required to enter a verification code which is also sent by phone or email; simply enter the code where required and you’ll be back in business.
Be suspicious and stay vigilant
Scammers are always coming up with new ways to try to crack your codes or trick you. Received an email or call that seems odd or doesn’t quite make sense? Be suspicious and investigate before you act or give out any information! Phishing attacks are very common, and scammers are getting better at mimicking the people in your contacts.
Most companies such as software providers and financial institutions will not email or phone you asking for sensitive business and financial information. If there is a problem, they’re more likely to alert you to the issue and request that you make any required updates within your own account yourself.
If in doubt, contact the customer support team at the company or the business advisor at your financial institution and check their website for known scams before giving away business or financial information by email or phone.
Staying vigilant, using strong passwords, and keeping up-to-date on changes and threats – these are just a few tips and suggestions to protect you and your business from cyberattacks.