Cybersecurity Checklist: What Every Small Business Should Know

Jarie Bolander
Dec 21, 2017


Everything is available online.

Yes, you read it right. EVERYTHING.

Not everything is available for free, but yes, everything resides online.

From food recipes to maps, to research articles, to news, to entertainment, to money, to dating. You name it, it’s there.

But that’s not all. EVERYONE is also available online.

Personal details like names, addresses, contact numbers, and other personal and far more confidential information.

Everything and everyone resides online.

The future that was predicted centuries ago has come.

The digital world has risen! It has risen so fast that a humanoid robot has now been given full citizenship in Saudi Arabia and an AI robot has been granted residency in Japan.

That’s just the start.

Not only are robots booming, but news of the long-awaited flying cars is trending too.

Did you know that Uber has teamed up with NASA to make flying cars possible in the year 2020?

According to USA Today, Uber signed an agreement with NASA to help develop a specialized air traffic control network for the UberAir or Uber Elevate, the flying-car project.

Along with these modern technologies and future plans, almost everyone worldwide is connected online through social or school networking, work or entertainment. Millions of people worldwide are online every second.

The twenty-first century we are living in belongs to a digital and content-hungry generation, capturing and using everything the world offers.

However, not everything online is used for good. Some of it, yes, is used with wicked intentions.

Do you know which data breach trended this year and caused millions of dollars’ worth of damage?

Yes, you’re right.

It’s the Equifax data breach early this year, discovered on July 29, which compromised 143 million American consumers’ personal information such as Social Security numbers, names, birthdates, addresses and driver’s license numbers. Credit card data was also exposed.

So far, the biggest data breach happened 3 years ago at Yahoo, where the information of all 3 billion users was compromised.

Equifax Inc. is one of the largest credit card bureaus in the United States with over 800M individual consumers and 88M businesses worldwide.

It’s a big company! But, are big companies the only target of a data breach?

Certainly not!

Although small businesses may not seem to be the main target, they are just as vulnerable as big companies.

Actually, everyone with data saved online is vulnerable to a data breach. Yes, even if you don’t own a business.

Why? What can hackers get from people’s data? What is there really to be scared of?

Dangers of Cybercrime

#1 Identity Theft

This is a common cybercrime where an individual is asked to enter personal information like names, debit or credit card numbers, address and Social Security number: basically, a person’s identity.

The information gathered is mainly used by scammers for purchases made without your consent or knowledge.

Some also sell the stolen identities on the black market, where buyers have more evil intentions than just draining bank accounts.

Aside from that, victims may also end up with thousands of dollars of debt under their names, be denied employment, mortgages, and loans because of a damaged and untrustworthy credit history, and spend unnecessary years resolving the damage done by identity thieves.

Worst of all, victims could face criminal charges for crimes they never even thought of committing.

#2 Hacking

This cybercrime has been causing damage to millions of people and businesses around the globe. Hacking is unauthorized access to a computer, that is, access without the owner’s permission.

Website accounts and passwords are targets of hacking.

Once access has been gained, different things can happen, such as loss of private information and data, changes to a website’s content, visitors being redirected to malicious sites, and SQL injection attacks, in which hackers take advantage of vulnerabilities in the software that runs the website.

For companies, getting hacked can mean a financial loss of $170 million, which is what happened to Sony when its PlayStation system was hacked in 2011.

#3 Acquiring Malware

Malware (MALicious softWARE) is software written with the primary goal of damaging, disabling, ruining and harming computer systems.

Types of malware include viruses, ransomware, trojans, worms, and adware. Malware is usually acquired online through downloadable files, through email attachments, or through removable media inserted into a computer.

Once the malware is acquired, it can disrupt computer operation, delete or corrupt data, and steal information.

One example of viral malware is the ILOVEYOU virus in the year 2002, which caused an estimated $5.5–8.7 billion in damage and cost another $15 billion to remove.

#4 Phishing

Phishing is another cybercrime; it aims to collect information like names, usernames, passwords, credit card details, Social Security numbers and other sensitive information.

Phishing usually comes in the form of an email or a pop-up message designed to look legitimate and identical to those usually received from trusted websites, banks, schools or someone you know and trust.

Phishing often looks so real that people readily give up information without blinking an eye (thinking that the website belongs to one of those trusted parties).

Phishing can lead to stolen personal information and credentials, financial loss for companies and users, identity theft, the spread of malware, and even users being locked out of their own accounts.

For businesses, phishing can result in lower brand trust and reduced income and ROI.

#5 Spamming

Spam, also known as junk email, is an unwanted and unsolicited message (email, instant message or text), usually sent for commercial purposes.

Most spam messages contain malware threats and may lead to phishing and identity theft. Aside from that, spam messages may also contain virus-infected files as attachments.

So what should you do to counteract cybercrime attacks? Here’s a checklist for you:

Cybersecurity Best Practices

Cybersecurity refers to the measures and precautions taken to secure and protect a computer or computer system against cybercrime and cyber attacks. Here’s what small businesses can do to ensure cybersecurity and data security:

1. Create strong passwords

Always create long, complicated, strong and unpredictable passwords, such as a combination of phrases, symbols, and numbers. Never use your name, pet’s name, or your birthdate when creating one.

Also, make it a habit not to reuse passwords across accounts, since reuse gives cybercriminals a pattern that could jeopardize not just one account, but all the other accounts you’re using for your business.

Take advantage of two-factor authentication.
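Here is one way to turn those password rules into a check, written as an added example (it is not part of the original article). The 14-character minimum, the function names and the sample data are assumptions made for illustration.

```python
import re

MIN_LENGTH = 14  # assumed threshold; the checklist only says "long"

def password_problems(password, personal_terms):
    """Return the checklist rules this password breaks (empty list = fine)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("needs a mix of letters, numbers and symbols")
    lowered = password.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal detail: {term}")
    return problems

def base_form(password):
    """Drop case, digits and symbols, so 'Harbor!Lamp22' and
    'harborlamp#2023' reduce to the same string."""
    return re.sub(r"[^a-z]", "", password.lower())

def reused_patterns(accounts):
    """Return groups of account names whose passwords share a base form."""
    groups = {}
    for account, password in accounts.items():
        groups.setdefault(base_form(password), []).append(account)
    return sorted(sorted(g) for base, g in groups.items() if base and len(g) > 1)

# Constructed sample data, not real credentials.
PERSONAL_TERMS = ["Jordan", "Rex", "1984"]  # owner's name, pet's name, birth year
ACCOUNTS = {
    "email": "Harbor!Lamp22",
    "bank": "harborlamp#2023",
    "payroll": "plum-Tractor-91-violin",
}

if __name__ == "__main__":
    for account, password in ACCOUNTS.items():
        print(account, password_problems(password, PERSONAL_TERMS))
    print("shared pattern:", reused_patterns(ACCOUNTS))
```

The email and bank passwords look different at a glance, yet both reduce to the same base words, which is exactly the pattern hint the checklist warns about.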

2. Email hygiene

Most small businesses use email as their main communication tool since it is cheap or free, and everyone is using it.

But did you know that most cybercrimes are successfully carried out through email? Take the ILOVEYOU virus (2002), MyDoom (2004), Storm Worm (2006), and CryptoLocker (2013) for example. All of these were malware spread via email that caused more than a million dollars in damage worldwide. There are just so many compelling reasons to stop using email in the workplace.

To minimize these hazardous cyber attacks, consider using a secure online collaboration system with bank-level security using data encryption for both data in transit and at rest.

When you receive unsolicited emails, do not click on any link or attachment they contain, so that you avoid unknowingly downloading malware to your device and spreading it to connected networks in your office.

Make sure to double check and confirm that a specific email, especially one with attachments and links, truly came from the sender.

Prevention is better than cure, as they always say.
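Part of that double check can be done from the message headers. The sketch below is an added example, not part of the original article: it reads the SPF, DKIM and DMARC results that the receiving mail server records in the `Authentication-Results` header and flags a `Reply-To` address on a different domain. The sample message and all of its domains are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    address = parseaddr(header_value or "")[1]
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def sender_warnings(raw_message):
    """Return reasons to doubt that the message came from its From address."""
    msg = message_from_string(raw_message)
    warnings = []
    # Only trust the Authentication-Results header written by your own
    # mail server; this sketch assumes forged copies were already stripped.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for check in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{check}=(\w+)", auth)
        if found is None or found.group(1) != "pass":
            warnings.append(f"{check} did not pass")
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"replies go to {reply_domain}, not {from_domain}")
    return warnings

# Constructed sample message; every name and domain in it is made up.
SAMPLE_MESSAGE = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=bank.example
From: "Your Bank" <support@bank.example>
Reply-To: refunds@bank-example.invalid
Subject: Action needed on your account

Please open the attached form.
"""

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE_MESSAGE):
        print("WARNING:", warning)
```

A message with no warnings is not proof of a trustworthy sender; a lookalike domain can pass all three checks, so an unexpected request is still worth confirming through another channel.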

3. Secure browsing habits

Be extra careful and always think twice before you click any link or download anything online.

Be vigilant. Practice secure browsing habits.

Use a browser extension (e.g. Adblock Plus, HoverSee, and SearchPreview) that lets you mouse over links, images, and videos first to see what you are about to click.

Also, be mindful of the websites you’re visiting. Make sure to only go to websites with HTTPS encryption, especially when in public places.

4. Update your software, all the time

Software and application updates are created to fix bugs that are present in older software versions. They improve performance and strengthen security.

5. Never use public WiFi

Remote working is a trend nowadays and this is true for small or big businesses. It is convenient and cheaper to use public WiFi, but reconsider doing so. Why?

Public WiFi is NOT SECURE.

Public WiFi could allow man-in-the-middle (MITM) attacks. MITM is a hacker’s way of eavesdropping on and intercepting data between two parties and controlling the communication in whatever way benefits the hacker most.

If your page keeps jumping around and redirecting to other sites, pay attention. That could be a MITM attack. If that happens, close your browser entirely and disconnect from the WiFi connection.

Moreover, never ever access your online bank accounts using public WiFi.

Public WiFi could also expose you to malware through the network connection. Not all computers using public WiFi have malware protection. Some might be carrying malware and could infect all the other computers that are connected to the same network.

Never use public WiFi in coffee shops, malls, airports, hotels and basically anywhere.

6. Use a firewall

A firewall is a network security tool, either software or hardware, that monitors and protects incoming and outgoing network traffic.

A firewall is a necessity for securing network traffic, establishing a barrier between trusted and unauthorized communication on networks and computer hosts.

Network security for business is one of the critical necessities every company should know about.

Some operating systems have a built-in firewall already and some don’t. If your operating system has one, always turn it on. Otherwise, you might want to consider buying a firewall to keep you invisible and protected on the internet.

7. Backup your data

Cyber attacks aside, technology is not always reliable. There are instances when unexpected things happen, like a computer crash, hard drive failure, physical computer damage, loss of property, and natural calamities such as fire, flood, and earthquake.

Before any of these happens, it is best to back up all important information in the cloud and off-site in a secure location.

Back up your data on a regular basis and make sure to encrypt all the data stored in your backups.

For backup devices that you’ve decided not to use any longer, make sure to destroy all data before discarding them. Burn, chop, or destroy them entirely because, technically, deleted computer data is never gone forever.

8. Encrypt everything

Protect everything that is essential for your business.

Encrypt the following:

  • Emails
  • Files in the cloud
  • Data on the go (memory cards, USB flash drives)
  • Documents (Word, Excel, PowerPoint, PDF)
  • Messaging apps
  • Devices
  • Internet traffic
  • Browser traffic
  • Hard drive
  • Software
  • Smartphone
  • Backup files
  • Anything else

DO NOT take anything for granted, even smartphones. Most employees connect their work data to their smartphones because it is convenient and available on the go. But please, do this next thing.

9. Implement cybersecurity policy among employees

Educate your employees. Cybercrimes succeed because cybersecurity has been taken for granted and people just don’t care.

Ransomware has become a billion-dollar industry and it’s just starting. Much more sophisticated cybercrime is yet to come, and all businesses, big or small, and all people should understand the necessity of cybersecurity.

Preach it to your employees. Implement a cybersecurity policy where everyone is held accountable.

Before onboarding a newly hired employee, make cybersecurity part of the training program.

Big companies start as small businesses. Better to start implementing a big company’s cybersecurity practices now than to suffer later.

Conclusion

Everything is now possible online. Everyone knows that and is taking advantage of it.

Every day, numerous cyber attacks are happening and some are just lurking somewhere online, waiting for your business to take the bait and be the next victim.

No matter how we wish to live on a safe planet where everybody can just live peacefully and happily, that just seems impossible.

No matter how much we think that the heart of humanity still dominates this world, we can never take away the fact that people with bad intentions are now rampant and are just waiting to successfully get what they want.

So instead of mourning that sad fact, better protect your business and have a game plan in place.

Make it a habit to do your research and always stay up to date. Never let your business suffer from crimes you could have avoided in the first place.

And, it is never too late to take advantage of what other companies offer that could benefit your business. Get help and trust what secure communication tools like Dead Drop Software can do to leverage your business and protect your company data from hackers’ prying eyes.

Originally published at The Daily MBA.
