Protecting your business from cyber-attacks
Why YOU should be concerned about cyber-attacks and digital security threats and how to protect yourself and your business.
This October is #CyberSecurityAwarenessMonth, an international, annual campaign aimed at increasing the understanding of cyber-attacks and threats. The focus is to empower the public and business to be safer and more secure online.
When it comes to cyber-attacks, you may have thought to yourself, so what? Well, the statistics make for worrying reading*.
- Half of all cyber-attacks are targeted at small businesses, yet, surprisingly, small businesses invest less than $500 in cybersecurity;
- It is estimated that cyber-attacks will cost $6 trillion in damages by 2021;
- Only 10 per cent of cybercrimes are reported each year in the US;
- There is a ransomware attack every 14 seconds;
- Everyone is vulnerable, and even brands like Yahoo!, Marriott, Equifax, eBay, Target and LinkedIn have been attacked costing them millions of dollars;
- You can become a hacker by buying software and tool kits that start from just $1;
- Public administration organizations receive one malicious email per 302 emails; and
- It takes five minutes to hack an IoT device.
The theme for this year’s Awareness Month is “Do your part. #BeCyberSmart”. Produced by CISA, for the US Department of Homeland Security, it encourages individuals and organizations to own their role in protecting their part of cyberspace. It stresses personal accountability and the importance of taking proactive steps to enhance cybersecurity.
The emphasis is that: “If you connect it, protect it”.
But how can YOU do this?
CISA’s top tips for making cybersecurity part of your daily routine.
1 Double your login protection. Add multi-factor authentication to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in.
2 Shake up your password protocol. Use the longest password permissible and customize your standard password for different sites. This prevents cyber criminals from gaining access to these accounts and protects you in the event of a breach. Use password managers to generate and remember different, complex passwords for each.
3 If you connect, you must protect. Whether it’s your computer, smartphone, gaming device, or other network devices, the best defence is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with anti-virus software.
4 Play hard to get with strangers. Cybercriminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from or if the email looks “phishy,” do not respond and do not click on any links or attachments found in that email. When available, use the “junk” or “block” option to no longer receive messages from a particular sender.
5 Never click and tell. Limit what information you post on social media. What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and your belongings. Disable location services that allow anyone to see where you are.
6 Keep tabs on your apps. A mobile application supports most connected appliances, toys, and devices. Your mobile device could be filled with suspicious apps running in the background using default permissions you never realized you approved. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. And only download apps from trusted vendors and sources.
7 Stay protected while connected. Before you connect to any public wireless hotspot be sure to confirm the name of the network and exact login procedures to ensure that the network is legitimate.
If you do use an unsecured public access point, avoid sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when online shopping or banking.
8 Back up all your data. Make sure that all critical business information is backed up safely and regularly so that you can restore it in an emergency. Make sure that the backup is stored in a secure place that other employees cannot access and that the backup device is not connected to any computer or network. An excellent place to store backups is in the cloud.
9 Install anti-virus software and firewalls. Ensure all PCs have anti-virus software installed and always on, and that your internet router and servers have firewalls installed.
10 Prevent your staff from installing dodgy software. All PCs, smartphones and tablets should only contain software and apps from reputable services you work with or manufacturer-approved app stores. Prevent staff from downloading any third-party software from unknown sources, which might contain malware. An excellent way to do this is to remove admin privileges from their user accounts.
11 Educate your employees about phishing scams. You can’t stop cybercriminals from sending phishing emails, but you can educate your staff to spot the signs. As a rule of thumb, employees should be suspicious of any emails that are not directly addressed to them and avoid opening email attachments in emails from an unknown origin.
12 Treat business information as personal information. Business information typically includes a mix of private and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
13 Social media platforms are part of the fraud toolset. By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about your partners and vendors, as well as human resources and finance departments. To prevent cyber-attacks, employees should avoid oversharing on social media and should not conduct official business, exchange payment, or share PII on social media platforms.
14 It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. You can trace many cyber-attacks and data breaches back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages immediately.
15 When travelling, stop auto-connecting. Some devices will automatically connect to available wireless networks or Bluetooth devices. This instant connection opens the door for cybercriminals to remotely access your devices. Disable these features so that you actively choose when to connect to a safe network.
If you’re worried about cyber-attacks at home, check out our top tips to keep you digitally safe at home.
Do you have any additional tips or advice to protect your resort business from cyber-attacks? We’d love to hear them – and we’ll add them to this article. You can email us at info@quickmerlin.com.
*Source: CPOMagazine