Picture this: it’s the year 2020. Technology rules our everyday lives and the security of our data is persistently threatened by cyber attacks. Sounds intimidating, right?
The reality is that we live in a world inundated with security threats, most of which we haphazardly ignore because they exist organically in our everyday environments.
Scott Stuart, LinenMaster’s Director of Information Security, believes that
“educating ourselves and those around us is the best way to stay protected. I recommend company-wide security training take place no less than annually because our employees are our last line of defense. When all other security measures have been defeated, a savvy employee can still prevent a security attack if they know how to spot it and how to act on it once they identify a threat.”
What else can you do to stay safe? Here are some common tips and best practices to keep yourself and your business protected (source: US Small Business Administration):
Understand common threats:
Malware (malicious software) is an umbrella term that refers to software intentionally designed to cause damage to a computer, server, client, or computer network. Malware can include viruses and ransomware.
Viruses are harmful programs intended to spread from computer to computer (and other connected devices). Viruses are intended to give cybercriminals access to your system.
Ransomware is a specific type of malware that infects and restricts access to a computer until a ransom is paid. Ransomware is usually delivered through phishing emails and exploits unpatched vulnerabilities in software.
Phishing is a type of cyber attack that uses email or a malicious website to infect your machine with malware or collect your sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware.
Cybersecurity best practices
Train your employees
Employees and emails are a leading cause of data breaches because they are a direct path into your systems. Training employees on basic internet best practices can go a long way in preventing cyber attacks. The Department of Homeland Security’s “Stop.Think.Connect” campaign offers training and other materials.
Training topics to cover include:
- Spotting a phishing email
- Using good browsing practices
- Avoiding suspicious downloads
- Creating strong passwords
- Protecting sensitive customer and vendor information
Protect sensitive data and back up the rest
Back up your data
Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.
Secure payment processing
Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.
Control physical access
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.