October is cybersecurity month. Ensure you are educated about the risks – and possibility! – of cybercrime to your business or organization.
Regardless of the size of your business, cyber-attacks and data breaches are the new, frightening reality for businesses big and small. And with so many entrepreneurs and businesses moving their operations online, cybercrime becomes just that much more of a threat.
That’s why it’s so important to educate yourself so you aren’t caught unaware and potentially vulnerable.
If your business even publishes content that contains personal or business details online, it can be vulnerable to a variety of security exposures. Businesses need to ensure that significant care is taken when securing all electronic devices that contain employee, client, volunteer and/or member information and data.
Stolen laptops, mobile phones, tablets, and USB flash drives offer valuable access to your company’s network – hugely problematic, even dangerous, in the wrong hands! Viruses can also be a huge threat to your digital assets, data, network, and systems. Others include online hackers, e-extortion, defamation and libel to your brand, and website hijacking where your legitimate information and materials are replaced with bogus data.
If yours is a business that engages in e-commerce or if you store electronic data or if you use computers for any reason for your business, you could find yourself at risk for some kind of data breach or cyberattack.
Cyber attacks – how do they happen?
Every day, malicious hackers devise new and ever more advanced techniques to attack businesses and organizations. When you own a business, there is no shortage of day-to-day stresses. Well, you can now add cybercrime to the list – and the number of potential cyberattacks is a long one!
The most common attacks include:
- Malware: Software, designed to be harmful, takes control of a machine, system, or network, monitors a user’s actions and relays any confidential data from the infected computer or network to the hacker.
- Phishing: An attacker, under the guise of a trusted organization, individual, or business, tricks a user into taking a specific action – clicking a bad link or opening a harmful attachment – that they might not ordinarily take.
- Ransomware: A software that encrypts documents or files to prevents access by the user and subsequently demands payment for their safe recovery. This happens after clicking a bad phishing link or visiting a website that’s compromised.
- Denial of service attack: The hacker inundates a website with so much traffic that it’s impossible for legitimate visitors to access.
- Spoofing: A cybercriminal impersonates another computer, device, or user or device to strike network hosts, steal data, spread malware, or divert access controls.
- Brute force: The cybercriminal tries to decode encrypted data by attempting to use as many password combinations as possible, as rapidly as possible.
A month dedicated to the awareness of cybersecurity is great, but here are several ways you can be proactive to ensure your business, from an electronic and data perspective, is more secure:
Utilize surge protectors and uninterruptible power supplies (UPS). Every computer and device on your network should be connected to an uninterruptible power supply (UPS). A UPS will provide you with time and battery life to save your valuable data in the event of an unexpected disruption in power. For those any non-networked equipment or electronics that are less sensitive, standard surge protectors will be sufficient.
Be sure to limit access to your user data and information. If you’ve adequately limited access to your valuable user data minimized the opportunity to fall victim to human error – perhaps surprisingly, the primary security threat when it comes to information.
It’s estimated that 80% of cyber incidents are, in fact, inside jobs. Disgruntled employees, with access to sensitive materials and data and, in their minds, motive are a huge problem to the cybersecurity of a business. When an employee leaves the company or transfers to a different department, be proactive to protect your business or company division. Delete accounts and passwords from all systems. Don’t forget to collect keys and relevant ID badges.
Install and utilize firewalls for software and hardware, alike. Firewalls are vital to help prevent and protect your data. From the inappropriate online browsing of employees to malicious hackers, firewalls provide solid protection for your business systems. Be sure they’re installed and up-to-date on every business networked device, computer, and mobile phone for yourself and every employee. Don’t forget your workers off-site, even if your business and employees utilize a virtual private network (VPN) or a cloud service provider (CSP). For extra protection and security, you can consider installing an intrusion detection and prevention system (IDPS).
Use email and web filters. You can use email and web browser filters to discourage hackers and prevent irritating spam from congesting your team’s inboxes. An additional option is to utilize “blacklist” services that will block users from browsing perilous websites that pose risks of malware.
Discourage your employees from visiting websites known for their risks to cybersecurity – pornography, for instance. Keep in mind, while this might be awkward to address with the team, it only takes one misstep online to the wrong website to download damaging malware, even inadvertently.
Regularly patch your software and operating systems. Whenever you install a new app, it can leave you vulnerable to security breaches. To prevent a possible cyberattack, patch and update all the software regularly on every computer and device used for your business, including by employees.
Do not delay with updates to your operating system. They will often include enhanced, or even new, security features you’ll want to have. When you purchase a new computer system or install a new software product, be sure to check for most recent updates. Note: software products and companies don’t have to provide security updates for out-of-date products.
Secure all wireless networks and access points. To ensure the most secure wireless networking, follow the router best practices:
- When you get a new device, change the admin password
- Fix the wireless access point so that it doesn’t relay the service set identifier (SSID)
- Set the router to use WiFi Protected Access 2 (WPA-2), with the Advanced Encryption Standard (AES) for encryption
- Steer clear of using WEP (Wired-Equivalent Privacy)
If you offer guest access to WiFi, use a different network from your business activities.
Utilize encryption for all sensitive company and business information. Protect all business computers and electronic devices as well as all sensitive electronic information safe with full-disk encryption. When you save your encryption password, keep it in a secure location apart from backups you’ve got stored.
While email recipients will likely require the same encryption capability to decrypt, never ever send passwords or keys in the same email as an encrypted file or document – provide it by phone or some other way.
Adequately train your employees in cybersecurity measures. One of your best protections against cybersecurity threats is a cyber-vigilant team of employees.
Your employees must understand:
- The distinction between personal and business emails and what is permitted
- How sensitive business data and information should be handled both in the office and while working at home
- Actions to take if a breach occurs
All new employees should be trained immediately regarding the protection of valuable and sensitive information and data. Institute an information policy and have them sign. To foster a culture of cybersecurity in your office, make use of newsletters and regular training to ensure your company stays up-to-date in cybersecurity measures.
Dispose of outdated media and old computers securely. Before you load up your old computers for donation or recycling, you must clear all hard drive information, important and otherwise – take nothing for granted when handing your business computers off. Delete all sensitive data on old flash drives, CDs, and other old media and then destroy them.
Commercial insurance that includes cyber coverage
Cyber attacks and security breaches are increasingly common in Canada. Every day businesses are dealing with the dangers of viruses, loss of data, damage to networks, and the theft of information. Unfortunately, most conventional commercial insurance policies have been developed to protect the physical assets of a business, not virtual assets such as software, applications, and data.
Cyber liability insurance policies in Canada can cover business interruption – lost income in the event that you’re forced to stop operations due to a cybersecurity-related event. However, chances are your standard commercial insurance policy may not cover the risk of a cyber attack or data breach, or it is likely rather limited.
You should talk to your insurer to explore the options for protecting your business specifically from cyber risk.
Questions about your commercial insurance and the risks online? Talk to us to ensure you’re properly protected.