Despite it having its own awareness month (October), cybersecurity is a practice that should be thought of each month and every day of the year (24/7/365). With the average cost of a malware attack on a company being $2.4 million, even a small lapse in awareness could shut a company’s doors for good. In fact, 60% of small businesses that fall victim to a cyberattack go out of business within six months. And here’s another statistic to keep in mind, in 2018 alone, there were over 30 million cyberattacks, averaging out to over 80,000 attacks per day! In total, by 2021, the damage related to cyberattacks is projected to hit $6 trillion annually.
So, it goes without saying, you don’t want your company to become part of any of those statistics. The first step in becoming cyber aware is knowing what to look out for. It’s actually a topic we addressed in our last blog post, “Cyberattacks to Be Aware of in 2020.” That post may have been written with a consultant focused audience in mind, but the threats mentioned relate to all.
Beyond awareness, however, there are other relatively simple steps organizations can take in order to protect themselves against cyber threats. In this blog post, we address a handful of cybersecurity best practices.
Limit Employee Access to Sensitive Data
Human error is the number one information security threat. According to research, 90% of cyberattacks can be traced back to human error and negligence. By inadvertently clicking on a corrupted link, or opening a seemingly benign yet malicious file, your employees could inadvertently be giving hackers access to sensitive information.
With that in mind, security-conscious organizations should be limiting employee access to sensitive data. That means only giving your employees access to the data they need to effectively complete their jobs. Taking this a step further, when an employee leaves, collect their ID badges and entry keys, and change/delete passwords and accounts for the systems the employee may have had access to. For any shared accounts, change those passwords too.
While this may be a hassle, it beats the aggravation faced when dealing with a data breach.
Keep Up with Software Updates and Patches
Keeping up with software updates, which include software patches, is another excellent way to protect your software from intruders. A software patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. This includes fixing security vulnerabilities and other bugs – also commonly referred to as bug fixes. When vendors become aware of vulnerabilities in their products, they often issue patches (in the form of software updates) to fix the problem. So, make sure to stay apprised of updates and make them as soon as possible to maintain your system’s security.
It’s also important to keep in mind that software vendors, such as Microsoft, are not required to provide security updates for unsupported products. If you’re running an old version of Windows on your work PCs, it’d be wise to update.
Utilize Firewalls and Antivirus Protection Software
Antivirus protection software is an important part of an effective protection solution. It has the ability to detect known threats, as well as new ones, and properly delete them from your systems. The best and most popular antivirus software can be purchased through the following vendors: Bitdefender, Kaspersky, Webroot, Trend Micro, Norton, ESET, AVG Technologies, F-Secure, Sophos, and McAfee.
Firewalls, on the other hand, help to keep attackers from getting access to your system in the first place. They are a network security system that monitor, and control, incoming and outgoing network traffic based on predetermined security rules set by those who run your network, such as network administrators. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, e.g., the Internet.
Set Up Web and Email Filters
Use email and web filters to prevent spam from clogging employee inboxes and to restrict employees from visiting malicious websites. Remember, the most common way to fall victim to a phishing or spyware attack is to open and click on malicious programs received via email or an online pop-up.
To guard against this, set up web filters. Web filters, aka “content control software,” are pieces of software designed to restrict what websites a user can visit. Typically, these will restrict access to pornographic websites and social media platforms, as these are the most frequent offenders.
Train Your Employees
The most effective way to keep your organization safe from cyber threats, though, is to effectively train your employees. Just as humans are the number one security threat, they’re also your best protection against security threats. So, hold monthly, quarterly, or at least annual cybersecurity seminars to keep your employees abreast of proper cybersecurity procedures and to keep them aware of the latest cyber threats. At minimum, here’s what your employees should know:
- How to select strong passwords and how often these passwords should be changed
- Proper protocols for handling business information at work and at home
- Strategies for proper email usage
- Never to install unauthorized software
- What to do in the event of a cyberattack
By training, and retraining your employees, you’ll be creating a cyber-vigilant employee and putting up the first line of defense against cyberattacks.