Cyberattacks have been on the rise for years, and the changes brought on by the pandemic have opened the door to additional security risks. While the shift to teleworking and an increased online presence have been beneficial for many companies, they have also created new vulnerabilities that business owners should be aware of.
Identifying the Risks
Large companies are often the target of the most sophisticated and large-scale cyberattacks, but attacks aimed at small and mid-size businesses can be equally as devastating. Some of the most common threats include phishing emails, texts or phone calls, malware, ransomware attacks, and stolen or compromised devices.
It’s important to stay vigilant in this ever-changing environment. Here are 10 tips to help your organization guard against new and emerging cyberthreats.
- Develop or review your cybersecurity plan. An effective cybersecurity plan should include strong network security, encryption and authentication technologies. The FCC offers a free cybersecurity planner for small business owners. If you don’t have the experience or resources to develop a plan, you can also hire a firm to review your potential vulnerabilities and manage your IT security.
- Use a firewall and antivirus software. Protect your internet connection by setting up a firewall and encryption. All computers should be equipped with antivirus software and antispyware. Set up automatic software updates on all company devices to ensure security fixes are in place.
- Secure your Wi-Fi network. Make sure your Wi-Fi network is secure with password-protected access to your router. Set up a separate guest account with a different password for customers or clients who need to access Wi-Fi, so they don’t have access to your main network.
- Protect your devices. Hackers can use a stolen laptop, smartphone or tablet to access your network. Maintain an inventory of equipment, and make sure your employees know to secure any company devices when not in use.
- Back up your data. Store data in several places, using off-site and cloud-based services. If you become a victim of a cyberattack, you’ll be able to restore operations quickly without having to pay for a ransomware decryption key. The ability to restore data quickly can make a big difference to profitability and reputation.
- Strengthen passwords. Enforce strict company-wide policies for creating strong passwords, using different passwords for different applications and changing passwords on a regular basis.
- Educate employees. Develop an employee training program to ensure everyone understands security policies and procedures. Consider scheduling refresher courses periodically to keep employees informed. For employees working from home, emphasize ways to stay secure while teleworking.
- Increase email security. Train your employees on how to spot a phishing attempt by paying close attention to URLs and reading emails carefully, even those appearing to come from a known sender. Ask them to avoid opening unknown or unexpected email attachments (especially compressed or ZIP files) or clicking on links.
- Separate your important data. Reduce the damage of a potential security breach by making sure your data isn’t all stored on one device or in one place. For instance, don’t keep your payroll information on the same device you use to process credit card payments. That way, if one of your devices is compromised, some of your data will still be safe.
- Implement an incident response plan. Documenting what to do in the event of a security breach—such as who to notify and where backups are stored—can save your organization valuable time in a crisis.
At Navy Federal Credit Union, we’re always monitoring for security threats, and we partner with you to protect your personal and business accounts. Visit our Security Center for more ways to further protect your accounts.