If you’re the owner of a small to medium-sized business, your company may be at a higher risk for cyber attack than you think. Many company owners have the common misconception that only larger businesses are targeted. The truth is, criminals are looking for smaller players. Small to medium-sized businesses are more at risk due to typically weaker defenses resulting in limited resistance to cyber crimes. The cybercriminals know this.
Financial companies must be particularly vigilant in protecting their systems against cyber attacks, some of which are blended with traditional financial criminal activity. “Blended Attacks” can take many forms and variations, which makes them frustratingly difficult to detect and mitigate. For example, when financial services client data is stolen, the stolen Personally Identifiable Information (PII) is used, beyond the direct attacks on the client accounts, to create money laundering accounts. Once you are the victim of a Blended Attack, it is extremely difficult, in some cases impossible, to undo the years of ensuing damage.
Smaller businesses need to be increasingly vigilant when it comes to cybersecurity. Here are five ways for you and your employees to mitigate risk and help keep your company and data secure.
1. Beware of Suspicious Emails, Attachments, Pop-ups, and Social Media Links
Phishing scams attempt to trick you into revealing information, such as your password to a system containing client information, or into clicking an email or website link or opening a document that infects your computer and gives the criminals access to your client data. Rule #1 in 2021: don’t click what you don’t know. A successful phishing attack leads to identity theft if personal information is revealed. Client names, addresses, account numbers, social insurance numbers, payroll account numbers, and birth dates are all incredibly valuable to the attackers. This type of cyberattack accounts for over 80% of reported security incidents. Phishing attacks can also lead to BEC (Business Email Compromise) scams, in which money is stolen from accounts through fraudulent payments, transfers, etc., that are redirected to the accounts of cybercriminals.
It is especially important not to click on attachments in unsolicited emails. You could be a click away from giving cybercriminals access to your confidential information. Bear in mind that the emails and websites that cybercriminals create can look very authentic.
Although phishing is most commonly carried out through email, never give out any sensitive information in response to a request from any source you are unfamiliar with. This includes social media links, websites, phone calls and texts.
2. Choose a Strong Password, or use a Passphrase
Having numerous complex passwords to remember can make it tempting to take shortcuts. However, using simple, easy-to-remember passwords, or reusing the same password, makes things easy for cyber thieves. An essential step for cybersecurity is to have a unique password for each system or device. Favouring length over complexity is also important. While it is valuable to use a mix of complex, unique characters and symbols, a password containing a minimum of 12 characters reaches a length that allows it to be less complex and just as secure. Shorter passwords with a lot of funny characters can be hard to remember and to type. Instead, try a longer, quick-to-type sentence with proper capitalization and funny punctuation that you will remember. Better yet, for a laptop, use a high-grade fingerprint reader that will allow you to use very long passwords that you will rarely have to type; the fingerprint reader will put them in for you.
3. Never Leave Devices Unprotected in Public
We love how portable our devices are, but this convenience also means they are easy to steal, making physical security as much of a need as information security. Never leave your laptop, phone, or tablet unattended in public. Always have your device, even your phone, encrypted and protected with a strong password. And train yourself and your colleagues not to take devices for granted when in public.
4. Keep Security Software Up-to-Date
Always install the latest security updates for your operating system and software programs as soon as they’re available. They provide important patches to fix security holes, reducing the risk of breaches and malware infections. These updates also update drivers, remove outdated features, and add new ones that may provide new levels of security. A good rule of thumb is the newer your device or software, the more secure it will be. So, ensure you are doing full upgrades to the latest offerings.
5. Install Strong Anti-Malware Protection
The World Economic Forum Global Risks Report 2018 expects the cost of cybercrime to businesses over the next five years to be US$8 trillion. Some of the most significant costs are related to ransomware, malicious software that blocks access to data through encryption or by taking control of a computer until a ransom is paid. These attacks are becoming increasingly complex, effective and damaging for businesses of all sizes. Good anti-malware software that is kept up to date can block many of these attacks.
Remediation costs are continually on the rise as cyber thieves become more sophisticated, using advanced technologies to infiltrate backups and even cloud storage. Although companies tend to focus security measures on infrastructure like a server because that is where a mass of data sits, it’s actually the endpoints such as laptops, phones, and tablets that are at the greatest risk of infiltration by cybercriminals. And those infiltrations can lead to access to the server. In the devices we secure and provide for our clients, NPC installs an enterprise version of ESET. We have had an outstanding track record working with this product for more than a decade.
A Final Thought
For the ultimate in small business security, get an organization that specializes in secure managed computing to do all this for you. NPC DataGuard provides fully secured computers and software that include secure remote backup, advanced anti-malware, state-of-the-art encryption, and encryption management on all our devices. Our security is system-wide, runs automatically, and is monitored for compliance by a support team that is available 24/7/365. Everything on your computer is backed up daily and is frequently scanned for the latest threats. We back up our security services to you with $5,000,000 of privacy and data breach remediation insurance. We even replace hardware if it’s lost or stolen, and restore your data from the advanced, multi-level secure backups provided with our product.
Today, computer security requires a specialist. NPC takes the risk of computing out of your hands and gives you confidence knowing your company’s information is secure.