Top 7 Tips to Protect Your Business from Cyber Threats
Jan 28, 2022
Recent data has shown that businesses of any type and size face a real risk of a cyberattack. Nearly two-thirds of businesses globally have seen an increase in cyberattacks since the mass shift to remote work. In Canada alone, there has been a 63% increase in cyberattacks targeting small businesses.
The impacts of these cyberattacks are devastating, particularly for small businesses already burdened by the financial pressures of the pandemic. They include reputational damage, privacy breaches and financial damages. These cyberattacks do not come cheap, as the estimated average cost of a data breach including ransomware is CAD $6.3M.
Those who work in information security in Canada say that human error is the biggest risk as most cyberattacks involve some kind of interaction with people. Yet, cyberattacks can be mitigated with some cautionary steps. Here are some basic things you can do today to protect yourself and your business...
1. Back up your data
It is essential that you back up your data and information regularly. This will help you recover any information that you could potentially lose if you are subject to a cyber incident or if you are simply having computer issues. Generally, backing up data does not cost much money and is easy to do.
There are multiple ways you can back up your data. You can use an external drive or portable device like a USB stick. Ideally, do not leave this external device on-site for security reasons, and ensure that it is encrypted and password protected. Do not leave the device connected to a computer either, as the device can be infected in the event of a cyberattack. You can also back up your data through a cloud storage solution. Typically, you would want to encrypt your data when transferring and storing it.
Backups should be done frequently (daily, weekly or even yearly). It is also good practice to ensure you can restore your data from your backup.
2. Secure your devices and network
You can secure your devices and network in four primary ways:
- Updates: Make sure your operating system and security applications are set to automatically update. Important security upgrades for recent infections and attacks may be included in updates.
- Security Software: Installing security software such as anti-virus, anti-spam, and anti-spyware on your business devices will help prevent infection.
- Firewalls: These act as a gatekeeper for all incoming and outgoing traffic and set up a barrier between a trusted network and an untrusted network.
- Spam Filters: Enabling spam filters on your email will reduce the chance of you or your employees opening spam or phishing emails containing viruses or malware.
3. Encrypt your data!
Encryption converts your data into unintelligible strings of letters and numbers. This reduces the risk of theft, destruction, or tampering. You can turn on encryption through your router settings or you can install a Virtual Private Network (VPN) solution on your devices.
4. Have unique passwords and passphrases
Rule 1: “password” is not a password.
Rule 2: do not use the same password for everything! If a cyber criminal gets access to one of your accounts, they will get access to all of them if you have the same password for all your accounts.
When coming up with a password for your account, try using a passphrase instead. Passphrases are a combination of four or more random words. Use a series of special characters, upper- and lower-case letters, and at least one number.
5. Enable Multi-Factor Authentication (everywhere!)
Having a unique password or passphrase on its own is often not as secure as you might think. Multi-Factor Authentication (MFA) makes it harder for cyber criminals to access your devices and data. MFA means that you need more than one authentication factor to log into a device or account. This way, if a malicious actor gets access to your account through one method, they would still need a secondary piece of information to gain full access to your account.
6. Have workplace policies to guide employees
Cyber policies are essential to helping your employees understand their responsibilities in protecting the cybersecurity of the company as well as the privacy of your customers. Cyber policies lay out these responsibilities and also provide a guideline for what is acceptable when employees use or share data, devices, or work from home.
Most importantly, employees are the first line of defence against cyber threats. It is important to put cybersecurity training in place so that your employees know about the threats they could face, how to identify them, and what the next steps should be.