Let’s face it, no CEO wakes up in the morning and says, “Today I’m going to let my systems get hacked, so some stranger can steal my company’s secrets and empty my company’s bank account”.
And yet, through ignorance or complacency, more than half of all internet users have experienced some type of cybercrime. The biggest threat to companies’ cybersecurity is not faulty IT systems, but employee negligence.
Why do business owners have to protect their data?
Cybersecurity attacks against businesses rose globally by 50 per cent from 2020 to 2021. A cybersecurity attack will mean:
- Possible theft of money or sensitive company data.
- Customers’ financial data being stolen, leaving you open to legal action and damaged reputation.
- Having to hire expensive technical support to repair the breach and make the system secure.
- Expensive work stoppages while your system is being repaired.
Therefore, you have to implement strong cybersecurity practices to:
- Protect against theft of company funds.
- Protect your company’s data from industrial espionage.
- Keep your customers’ data safe.
- Ensure the smooth running of your business without stoppages resulting from security breaches.
Also, just because you’re not a large corporation doesn’t mean you’re not at risk. According to Forbes magazine, 43 per cent of cyber-attacks are against small businesses, at an average cost per business of $25,000.
The Forbes report also informs us that only 14 per cent of these businesses are adequately prepared for such attacks. So what are people doing wrong?
There are millions of people out there who would happily use password1 as the password for all their accounts if they could. Fortunately, most applications block such easily hackable words, protecting people from their own naivety. That’s not enough, however.
Make sure your passwords are a combination of letters, numbers, and other characters, e.g., !, #, &. Don’t use anything that can be easily guessed, or discovered from your company’s website or social media accounts, e.g.:
- Names of the CEO, founders or others prominent in the company.
- Any part of your company or employees’ addresses.
- Birthdays or other numbers easily associated with someone.
- Anything else connected to you or your company.
If everyone on Facebook is wishing you Happy Birthday on the 24th of October, it doesn’t take a genius to guess 1024 might be part of your password.
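The checks above can be automated when staff choose a new password. The following is an added example, not code from the original article: the names, address and birthday are constructed sample data, and the 12-character minimum and the look-alike character table are assumptions.

```python
import re
from datetime import date

# Common look-alike substitutions, folded back to letters before word matching.
LEET = str.maketrans("0134578@$!", "oieastbasi")

# Constructed sample data: what a stranger could read off a website or profile.
PHRASES = ["Dana Whitfield", "Acme Widgets Ltd", "42 Harbour Street"]
DATES = [date(1985, 10, 24)]

def context_tokens(phrases, min_len=4):
    """Words of min_len or more characters taken from public names and addresses."""
    words = set()
    for phrase in phrases:
        for word in re.split(r"[^a-z0-9]+", phrase.lower()):
            if len(word) >= min_len:
                words.add(word.translate(LEET))
    return words

def date_fragments(d):
    """Digit strings a guesser would derive from a known date such as a birthday."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {mm + dd, dd + mm, yyyy, yy + mm + dd, dd + mm + yy, mm + dd + yy}

def review_password(password, phrases=PHRASES, dates=DATES, min_length=12):
    """Return a list of problems; an empty list means the password passed."""
    problems = []
    if len(password) < min_length:  # assumed minimum, not stated in the article
        problems.append(f"shorter than {min_length} characters")
    needed = {"a letter": r"[A-Za-z]", "a number": r"\d",
              "another character": r"[^A-Za-z0-9]"}
    missing = [name for name, pat in needed.items() if not re.search(pat, password)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    folded = password.lower().translate(LEET)
    for word in sorted(context_tokens(phrases)):
        if word in folded:
            problems.append(f"contains guessable word '{word}'")
    for d in dates:
        for frag in sorted(date_fragments(d)):
            if frag in password:  # digits are matched before look-alike folding
                problems.append(f"contains date fragment '{frag}'")
    return problems

if __name__ == "__main__":
    for candidate in ["password1", "Whitf1eld#1024", "plum-Granite7-ferry"]:
        print(candidate, "->", review_password(candidate) or "ok")
```

A password such as Whitf1eld#1024 meets the letters, numbers and symbols rule and is still rejected, because both halves can be derived from public information.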
Using the same password for everything
If you have the same password for all your company email, social media, and online banking, you’re a cyber thief’s dream come true. Once you inadvertently reveal it, it’s like handing a burglar the master key to every door in your business premises, along with the safe.
Yes, it’s hard for staff to remember multiple passwords. But your devices have a system for storing them, which will show a prompt every time they make up a new password they need to save. Once they use that, all they need to remember is the password to get into the device itself.
Oh, and writing passwords on Post-It notes stuck to the computer? That’s like leaving your key on display outside your front door for any passing burglar to pick up. Make sure your employees never get into this habit.
Using public Wi-Fi without safeguards
Ah, the freedom of being a digital nomad CEO, in touch with your office and employees from anywhere you happen to find yourself. You’re settled in front of your laptop in a café, sipping your favourite latte – while some hacker a few feet away steals all your data and starts spending your money before you’ve even finished your coffee.
Don’t let this happen to you. Before you use public Wi-Fi, safeguard your data with a virtual private network. You can sample them with a free VPN trial. A VPN encrypts your data. Then, if anyone tried to hack into it, all they would see is scrambled, unreadable text. Try pulling a credit card number out of that.
Having every device in your company protected by a VPN is a minimum security requirement. This has become more urgent as the increasing number of remote workers share sensitive and valuable data.
Clicking on phishing emails
Cyberthieves love email – 75 per cent of all malware is sent this way. For unwary internet users, it’s the gateway to their computers, their private data, and their money. The infamous Twitter hack in 2020, where 130 high-profile accounts were hijacked, was a phishing attack that exploited employee access to vital information.
Hacking and phishing emails may contain:
- Spyware that will steal your financial data, giving criminals access to your money.
- Messages with fake invoices, designed to get you to reveal banking details or send money to fraudulent accounts.
- Links that will bring up false virus warnings. You’ll end up being charged for bogus tech support, or having malware installed on your computers.
Just make sure your employees know they need to treat all mail from unknown sources as attempts to commit fraud until they prove otherwise. Get them into the habit of never clicking on a link in one of these messages. Also, they should never reply directly. First, they need to check the sender’s contact details elsewhere online.
Postponing software updates
Yes, updates are a pain. You have to pause what you’re doing, and they can take up to an hour to complete. But, as 200,000 users discovered after the WannaCrypt ransomware attack in 2017, postponing them can be costly.
Make sure everyone in your company has the latest updates on their devices. If they can’t download them immediately, they should schedule them for the earliest time the computer is idle, preferably within 12 hours.
Remember, having your computers hacked is always preventable. It can only happen if you allow it. To be competitive, you need to ensure your business is always safe from cyber criminals. Your devices don’t have to be the cyber equivalent of Fort Knox. Just follow sensible precautions. Then the criminals will back off and move to an easier target – of which, unfortunately, there will be no shortage.