Fighting Cybersecurity Threats in Your Business
If your business stores any kind of digital information, you can become a victim of a cybercrime. The odds have increased exponentially during the pandemic, with more cyberthreats and scams floating around than ever before.
Here are some ways to reduce your chances of being attacked.
When thieves try to get your employees to provide confidential information via a phone call or email, this is known as social engineering. You can reduce your risk by developing procedures and training any employees who take customer phone calls for the business. Require them to ask for identifying information such as a PIN or code, or simply have them avoid giving out information over the phone.
At First Steps Financial, we have processes in place to avoid these types of issues.
Passwords are often inconvenient, but necessary. Almost everyone is guilty of using passwords that are too easy to guess. Usernames and passwords for all First Steps Financial employees are stored on an encrypted site.
A few password tips:
- Avoid using dictionary words, even if the syllables are broken up in the password.
- Always use a combination of uppercase and lowercase letters, and don’t always capitalize the first letter—that’s too predictable.
- Include special characters, and think beyond the exclamation point.
- Use separate passwords for everything, especially for banking apps, accounting apps, and social media apps, which are frequently hacked.
- Make your passwords at least 12 characters long. More characters will be needed each year.
Receiving and Delivering Information
If you deliver or receive information, it should be done safely and securely. One way to do this is through a customer portal such as Box or ShareFile (which First Steps Financial uses). These portals store information securely in the cloud. Another tool for safeguarding information delivery is encrypted email.
All computer users should have anti-virus software installed and active on their devices. Company procedures should dictate the settings, as well as which brand employees should use.
Spam Protection for Email
Anti-spam software is also necessary to protect the device from bad links in emails. Users should be trained to detect and avoid phishing emails.
Malware can be installed on your computer without your knowledge. To protect against these threats, avoid file-sharing when possible, be careful when visiting unknown websites, don’t download software you don’t recognize, and be careful with links in emails.
You may also need to protect your website from malware attacks by installing a firewall or other preventative solutions. New vulnerabilities are being detected every day, and it’s important to add plugins regularly.
Stay current with all of your software upgrades. Upgrades can patch vulnerabilities, so you are safer with each new upgrade you install.
Data in the Cloud
Make sure any data you have in the cloud is protected behind a secure technology solution. This generally means files are stored with AES 256-bit encryption. You can also look for SOC 1 and SOC 2 certifications.
Need to Know
There are many policies that need to be developed for employees with regard to data handling. One example is providing data access to employees on a need-to-know basis. For example, an operations manager does not need the password to the payroll system, but the payroll manager does.
Reducing Business Risk
These security tips are just the tip of the iceberg when it comes to having good data security practices in your business. Develop an excellent set of policies, train and monitor employees, and set a great example yourself to avoid growing threats to your business.