According to Info Security Group, phishing emails have skyrocketed by over 600% since the end of February, right when the global impact of COVID-19 was ramping up. This is no coincidence. With businesses rushing online to reach their customers and connect their employees, security isn’t always prioritized and hackers are ready to pounce on weak cybersecurity. There are several easy steps your business can take to combat the rise in hacking and phishing attempts to protect your information and team.
Implement Cybersecurity Training
This first option is free, yet it is one of the most effective: train your employees on cybersecurity risks and best practices. Do this during onboarding and follow up with regular reminders and tips so the lessons stick.
Training can include tips like:
- Best practices for creating a strong password (long, utilizing numbers, upper and lower case letters, and symbols);
- Avoid writing down passwords or storing them in insecure locations;
- Caution against using the same password across multiple accounts;
- Leverage secure password managers like LastPass or 1Password; and
- What to look for when receiving an unexpected email with an attachment, money or gift card request from a teammate/client, or link to a login page.
If your team is educated on what to look out for and what actions to take, they’ll be an extra level of security between you and hackers.
Customize Software Security Options
There are software account options you can enable to improve your security on a global level. Each website’s online account management features are unique, but look for options related to requiring a strong password (long, alphanumeric, special characters), password expiration, limiting login IP ranges, and login expiration. These can all make it harder for hackers to gain and maintain access to accounts. You can also lock down user access to information irrelevant to their role or disable data export capabilities.
Also, require a password wherever possible, and require it again after periods of inactivity. Many systems allow fingerprint, face, or pattern login options to make this easier for employees; however, it’s important to weigh the pros and cons of easier login options, since some could compromise your security. For example, some facial recognition security options are fooled with a picture of the user or by pointing the camera at the user without their knowledge.
Enable Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA), sometimes also called Two-Factor Authentication (2FA), is a feature on many online tools that requires users to tie their account to a phone number or authentication mobile app.
When logging into a service with MFA/2FA enabled, the user must enter a code, either sent by text message to their registered phone or displayed in an authenticator app such as Google Authenticator or Microsoft Authenticator. This feature limits hackers’ ability to access your team’s accounts even if they have the passwords, as they won’t have access to the text or authenticator code.
Set up Single Sign-On (SSO)
The more online tools your business uses, the more passwords your team has to create. This can lead to having several passwords to remember, or worse, compromised security by using the same password across multiple sites. The solution is Single Sign-On (SSO), which allows a business to configure its online tools to all use a single system for signing in. It’s secure, easy, and reduces the number of login pages that your team sees, which can also improve productivity.
The business’s IT administrator would need to set SSO up in the backend of each supported tool, but once set up, it saves your team time and improves your control over system access and password management.
Create Standard Windows/Mac User Accounts
IT administrators setting up their teammates’ computers have the choice of creating a Standard or Administrator Account. While Administrator accounts allow users to install any program the user wants and change all system settings, this can present a significant security risk. Malware, viruses, and other compromised files can be installed and launched by Administrator accounts, which can be bad news for that user or your entire company. Instead, create Standard Accounts and offer support if your team members need a particular application installed so that your IT administrator can verify its credibility and keep the computers safe and malware-free.
Activate & Customize Your Spam Filter
One way to prevent phishing schemes from being effective is to stop them from ever reaching your team’s mailboxes. Ensure your spam filters are set up at both the company-wide and the individual user level. The security levels you put in place will be determined by the types of emails you wish to receive.
For example, if your users only receive emails from established contacts, many of the popular email tools have an option to only receive emails from email addresses already in the user’s address book, although this might be a bit too strict for many companies. Choose the level of security that’s appropriate for how your business communicates.
Utilize Auto Backup Tools
Ransomware is a method of hacking where the hacker holds the business’s information hostage in exchange for money, often demanding untraceable Bitcoin. Even if the business does pay the ransom, there’s no guarantee they’ll regain access to their data. Businesses should invest in backup options for all of their data to safeguard against ransomware, as well as protect against server wipes and other occurrences of data loss.
Cybersecurity is a Mindset
Businesses should audit their cybersecurity regularly. You can use the above tips as a blueprint for developing your cybersecurity model, but also involve your entire team in adopting a mindset of cybersecurity and review your cybersecurity health regularly.
Your entire team needs to be educated, aware, and proactive in their day-to-day activities and your management team should be constantly evaluating new ways to improve cybersecurity. Cybersecurity is a mindset and needs to be part of any business decision that involves technology.