Cybercrime is no joke, and it’s becoming even more prevalent and catastrophic as this nefarious space evolves.

While the threat level of events like data breaches and phishing scams are rising, it’s also possible to combat most forms of cyberthreats and mitigate them with good IT hygiene and security best practices.

While complete immunity is not on the cards, you can radically reduce the possibility of falling foul to cybercrime and data loss with a quick checklist.

Let’s lay down a basic plan of action to significantly bolster your immunity to the cyberthreats facing your business operations, and your customer’s information.

1) Passphrases not passwords

Try to use passphrases instead of passwords – and change them regularly. A passphrase is often easier to remember and harder for criminals to crack.

Think of something unique like ‘57stray ducklings eating snails!’. Include spaces, characters, and numbers, depending on the requirements of your applications.

Don’t re-use the same passphrase for different accounts, attackers can find lists of previously breached passwords and commonly use these to try to break into other systems.  It’s a good idea to use a password manager to keep track of them all.

2) Use multi-factor authentication

These days, some software applications and cloud storage services will support multi-factor authentication. For the uninitiated, this simply means you need more than one authentication method for accessing cloud software, applications, and data.

So, if someone has your password, they’ll still need access to your authenticator app, biometrics, or mobile phone number to gain entry. This practice increases security exponentially. Microsoft Authenticator app is a good place to start.

3) Phishing and cybercrime training and awareness

Phishing scams have become much more prevalent and sophisticated over the last few years. Most phishing scams involve you being directed to a dodgy link, attachment, or website.

It only takes one erroneous click on an email or SMS link to expose your business to:

  • fraud
  • malware
  • ransomware
  • data theft

The dire consequences of any of these threats is hard to overstate for any business.

Even if you think you’re savvy at filtering out scammy emails, SMSs, and phone calls, you should invest some valuable time in doing some online phishing training, as many forms of phishing are now highly sophisticated and can come in many guises:

  • Email phishing (very common method which involves you clicking on a link or downloading an attachment)
  • Spearphishing (highly personalised and targeted phishing scams which can look legitimate)
  • Smishing (SMS phishing usually involving a link or attachment)
  • Vishing (phone call scamming)

4) Bolster your physical security

Keeping data, devices, and systems safe is as much about physical protection as it is online or digital protection.

  • Lock away sensitive devices like laptops and hard drives and never leave them in vehicles or insecure locations.
  • Whether you work from home, office, or another environment, pay attention to access points, locks, and alarms.
  • Never leave devices unlocked, unprotected by passwords, or with screens active.
  • Never insert an unknown usb drive or hard drive into your devices.
  • Know (and restrict) who has access to any sensitive physical location or device.
  • Enable ‘find my device’ and other location-sourcing functions on devices.

5) Allow automatic software updates and install virus protection

As threats and viruses evolve, companies will automatically update your software to keep you up to date. So long as you make sure you allow automatic updates or approve them regularly, you can help mitigate evolving cyberthreats.

Of course, in addition to enabling automatic updates, you should always install and update high quality virus protection software on all business devices.

6) Enable and automate cloud backups

Backing up your business and customer data is paramount. Think what would happen if you lost everything and had no backup? It could be catastrophic.

The best way to do this is to enable automatic cloud backups. Use a trusted cloud storage service and double down by using multi-factor authentication on all data access.

While this checklist is not an exhaustive guide to every way you can protect yourself from cyber-threats, it’s an excellent place to start. If you at least do the above, you’ve significantly improved your chances of keeping your business safe.

If you’d like more advice, read our small business cybersecurity article by Reckon’s CTO, Ed Blackman.