If you can’t afford to hire a bodyguard, don’t bother locking your door.
Clearly ridiculous. But this is the attitude too many small businesses have towards cybersecurity. In other words, they know they can’t do everything, and they do nothing at all.
Post-pandemic, most small businesses are cash-strapped, staff-strapped, or both. Taking real steps to address cybersecurity seems very difficult and expensive, adding to the challenge of persistence. Meanwhile, hackers, phishers and scammers are busier than ever. (In December, the FBI warned that small businesses face a growing threat of cyberattacks. As large businesses tighten their cyber defenses, cybercriminals are targeting more small businesses as soft targets.) It has become.)
But being small doesn’t mean being vulnerable. Here are some low-cost starting points to help you lock your door.
please backup
Onsite backups alone are not enough. Offsite cloud-based backup is essential to protect business operations from disasters involving human casualties. If you get hit with ransomware, you don’t have to pay hackers if your data is properly backed up offsite. Carbonite is a great option for his DIY. A cyber expert will be able to set a better one for you.
There is no such thing as free Wi-Fi
Hackers love free Wi-Fi. Perfect for data theft, account theft, malware and ransomware. Don’t touch me. Use your phone’s mobile his hotspot when you’re on the go.
stay up to date
Make sure your operating system, software, and firmware are up to date with the latest security patches and upgrades. Don’t forget your router. (Speaking of which, you need a business-class router and a business-class firewall. There are significant differences between these and home versions.) Set your antivirus and antimalware programs to update automatically To do.
no phishing
Please treat emailed links with suspicion and remind staff to do the same. We also recognize urgent and unusual requests via email or text from outside or inside the organization as red flags. Check for incorrect e-mail addresses. If the message gives you a bad feeling, or if money is involved, call the known number (not the number listed in the message). Unsolicited phone calls, emails, or text messages from “tech support” are always fraudulent.
Find a trusted and qualified cyber expert
It’s easy to think that cybersecurity support is out of your budget or that you don’t need it because things “seem to work”. Three things to consider:
1. A cyberattack could wipe out your budget and Your business (60% of small businesses hit by cyberattacks go bankrupt within 6 months).
2. Hackers often have already compromised systems that “appear to be working fine.” Lying low can do unimaginable damage.cyber professional can You can imagine the damage and show how to prevent it. You don’t want to rush for help when you’re already in free fall.
3. Request credentials and certificates. many If you have questions, read the contract (or better yet, have a lawyer read it). These are not relationships built by shaking hands.
please don’t stop there
These steps are minimal. If you can afford it, keep filling the gaps by focusing on the high-risk holes in your cybersecurity defenses. This battle has never been won. But protecting yourself and your customers is good business.
• Using the same password for multiple accounts is like having one key for every apartment in the building. A hacker cracks a reused password on one of her sites, breaking into all of her accounts.
• Do not leave your device set to the default username and password. You may not remember what they are, but any hacker can easily find them on Google.
• Passwords are difficult to create and remember. A password manager can help. A complex, unique password is generated for each site you use and stored in a “vault” accessible with only one master password. (Check Dashlane, Keeper, NordPass, LastPass.)
Everywhere 2FA
Hackers have programs that can crack passwords in seconds, so you need two-factor authentication. Two-factor authentication (2FA) cross-validates by requiring two forms of identity, often an email address and a code sent to your mobile phone, to access your account. You can use it for anything, anywhere: bank logins, all financial transactions, computer logins, Facebook, Office 365. If it’s an option, use it. Once you have 2FA enabled, do not respond to any phone calls or emails asking for a code, even if they appear to be from your bank, friends or family. Hacker also knows about his 2FA and gets creative to get that second element of his. Once they figure it out, you toast.
Role-based access control
With RBAC, employees can access only the systems they need to do their jobs. Clear Role — Prevent unauthorized access to data, misuse of data, and limit exposed systems in case of credential theft. Requires a cybersecurity expert to set it up.