
1. Passphrases not passwords
As cybercriminals become more proficient at hacking and accessing your passwords through data leaks, the old way of creating ‘passwords’ is no longer effective. It’s now commonplace for your data to be compromised by a company that has a loose cybersecurity policy, so make sure you use passphrases and password managers to safeguard your accounts.
When creating a passphrase, combine letters, numbers, and symbols into something unique and memorable, which makes it harder for cybercriminals to crack. For example, ‘57 stray ducklings eating snails!’ is a random phrase, yet almost impossible for anyone to crack. A good passphrase could be the difference between a couple of days and 36 years to crack your logins.
You can also remove the hassle of remembering your passphrases with a password manager. These are easy-to-use services that generate and store logins across your accounts and prompt changes for you.
2. Use Multi-factor Authentication
More and more software applications and cloud storage services require you to use multi-factor authentication (MFA) on top of your login to access your accounts. If you use any Google or Microsoft application, you are already familiar with MFA.
If you aren’t sure what MFA is, it’s a secondary security measure that must be ‘passed’ in addition to your password or passphrase. MFA checks that it is really you logging in by asking for a second confirmation, such as an SMS code, face recognition, or a PIN code.
3. Cybercrime training and awareness
As phishing scams become more common and better developed by cybercriminals, spotting an email scam becomes increasingly tricky. This is why having training sessions for you and your staff to spot the hallmarks of a phishing scam (and more) will protect you from data and financial loss.
Training will help you identify what kind of scams are used by cybercriminals, like:
- Email phishing: a common scam method that involves you clicking on a malicious link, downloading a malware attachment, or accidentally revealing personal information.
- Spearphishing: highly personalised and targeted phishing scams that can look legitimate, especially if they imitate someone you know, like a friend, relative, or colleague.
- Smishing: SMS phishing, usually involving a link, attachment, or request for data.
- Vishing: phone call scamming.
4. Bolster your physical security
Ensuring your data, devices, and systems are physically safe is as vital as protecting your online accounts. Here are some safety tips to consider for your business:
- Lock away sensitive devices like laptops and hard drives, and never leave them in vehicles or insecure locations.
- Whether you work from home, office, or another environment, pay attention to access points, locks, and alarms.
- Never leave devices unlocked, unprotected by passwords, or with screens active.
- Never insert an unknown USB drive or hard drive into your devices.
- Know (and restrict) who has access to any sensitive physical location or device.
- Enable ‘find my device’ and other location-tracking functions on devices.
5. Update software often and install antivirus software
By updating your software frequently, you limit your exposure to cyberthreats. Software providers like Apple, Google, and Microsoft usually include better cybersecurity measures in their updates. For instance, when new malware threats arise, a company like Apple would release hot fixes or emergency security updates to address them.
To increase the security of your devices, you can also download and subscribe to antivirus or anti-malware software. These services run in the background, scanning for and monitoring cyberthreats for you. They notify you if any malicious programs are detected, and block and remove them from your devices.
6. Enable and automate cloud backups
Backing up your data to cloud servers and other storage media, like hard drives, helps minimise the damage if you do get hacked. For example, if your device gets corrupted by malware, you can simply reset it to the factory default, then restore your system by downloading the uncorrupted backup. So have a backup of all your data in a separate place, such as cloud storage (think OneDrive), to help safeguard your business.
Protecting your small business from cyberattacks
By implementing these small but practical tips, you can better protect yourself and your business from harm. While cyberattacks can feel like the end of the world if they occur, they are common, and you can recover from them.
If you are a victim of cybercrime, there are plenty of resources and organisations like IDCARE and Scamwatch that can help you get back on track.