Cyberattacks have become more common, with businesses facing new threats exploiting the changes and challenges brought on by the pandemic. A major shift to teleworking has opened the door to new security risks that have caught many businesses off guard. Many businesses had to take shortcuts to quickly ramp up their online presence. Unfortunately, hackers and criminals are exploiting the current situation to take advantage of businesses and employees.
Identify the Risks
Large companies are often the targets of the most sophisticated and large-scale cyberattacks. And, while attacks aimed at small and mid-size businesses may not draw as much attention, they can be particularly devastating. Small businesses often have fewer resources for cybersecurity, and data breaches may go undetected for longer periods of time because small businesses don’t have adequate network security and monitoring systems.
The threats are constantly evolving, with new challenges like videoconference hijacking (Zoom bombing) and variations of some common types of cyberattacks, including:
- Business email compromise—Criminals use social engineering techniques to convince employees to wire money by sending spoofed emails or texts that appear to come from a person of authority in the company.
- Phishing—Phishing emails are sent to employees to trick them into sharing account credentials or opening malicious attachments.
- Ransomware—Ransomware is a type of malware that can infect a computer when a user clicks on a malicious link in an email or on a website. The malware encrypts files on the device and any others linked to it through a network. Users are locked out and receive a message from the cybercriminals demanding payment to regain access to their files.
- Stolen or compromised devices—Hackers steal devices or break into them to steal sensitive data.
10 Ways to Ramp Up Cybersecurity
It’s important to stay vigilant in this ever-changing environment. These 10 tips can help your organization guard against new and emerging cyberthreats.
- Develop or review your cybersecurity plan. The basics may include multilayered endpoint security, network security, encryption and strong authentication technologies. Look into the IT security policies of your vendors to help ensure they don’t expose you to unnecessary risk. You may want to hire a cybersecurity firm to review your potential vulnerabilities and/or manage your IT security if you don’t have sufficient internal resources.
- Use a firewall and antivirus software. Protect your internet connection by setting up a firewall and encryption. All computers should be equipped with antivirus software and antispyware. Set up automatic software updates to ensure security fixes are in place.
- Secure your Wi-Fi network. Make sure your Wi-Fi network is secure with password-protected access to your router. Set up a guest account with a different password for customers or clients who need to access Wi-Fi, so they don’t need to access your main network.
- Centralize hardware management. Maintain an inventory of all equipment and run regular audits on your networks to check for unauthorized device access. To protect your network, reserve administrative privileges for your IT team and key employees.
- Back up your data. Store data in several places, using off-site and cloud-based services. If you become a victim of a cyberattack, you’ll be able to restore operations quickly without having to pay for a ransomware decryption key. The ability to restore data quickly can make a big difference to profitability and reputation.
- Strengthen passwords. Enforce strict companywide policies for creating strong passwords, using different passwords for different applications and changing passwords on a regular basis.
- Educate employees. Develop an employee training program to ensure everyone understands security policies and procedures. Consider scheduling refresher courses periodically to keep employees informed. For employees working from home, emphasize ways to stay secure while teleworking.
- Increase email security. Encourage employees to pay close attention to URLs and read emails carefully, even those appearing to come from a known sender. Ask them to avoid opening unknown or unexpected email attachments (especially compressed or ZIP files) or clicking on links.
- Communicate with customers. Demonstrate your commitment to digital security by sharing relevant information about policy changes, security protocols and technology updates with your customer base.
- Implement an incident response plan. Effectively documenting protocols in the event of a security breach, such as who to notify and where backups are stored, can save your organization valuable time in a crisis.
At Navy Federal Credit Union, we’re always monitoring for security threats, and we partner with you to protect your financial and business accounts. Visit our Security Center for more ways to defend against cybercrime.
- Do you know what the state of your cyber defenses looks like right now? Take inventory of the guards you already have in place.
- Does your business have a plan in case of a cyberattack? Draft one with your team and have it reviewed by your internal IT and security team, or outsource it to a cybersecurity firm.
- Make sure your Wi-Fi is secure and ensure that your employees are educated on common red flags, like phishing attempts.
This content is intended to provide general information and shouldn't be considered legal, tax or financial advice. It's always a good idea to consult a tax or financial advisor for specific information on how certain laws apply to your situation and about your individual financial situation.