The cyber warning bells have been going off for almost a decade now, but they seem to be falling on deaf ears.
As we mentioned in a previous article, cyber security in the US government is severely lacking, and so is cyber security in our public sector. In fact, US businesses are lagging so far behind that our Secret Service even issued a security alert in response to the number of cyber criminals targeting employees who are working from home because of the Coronavirus.
Have we mentioned that hackers have ZERO shame?
In this dangerous environment, you need to take control and make sure your employees do all they can to secure their home offices, or they may not have a job to return to. You may think they have done everything possible to secure their home computers, but that is extremely naive, and it’s not reality.
Did you know that an ordinary, run-of-the-mill cybersecurity attack costs a small business, on average, around $200,000?
As if that wasn’t bad enough, of those businesses that find themselves on the losing end of a cyberattack, more than half end up shutting down…
In under six months.
If you own a small business you should find these statistics unsettling at the least, and terrifying at the most.
Many employees started working from home rather unexpectedly, which didn’t give IT departments much time to secure home office spaces. Fortunately, there are a number of actions you can take to protect yourself, your employees and, ultimately, your business, which I will discuss below:
Limit employee use of remote access.
Remote access should only be used when absolutely necessary, and if employees do use it, they need to be instructed to disable it ASAP.
Why? According to an FBI public announcement, this is the most common way that hackers gain access to businesses’ networks, allowing them to wreak havoc by setting ransomware free.
It is YOUR job to make sure your company’s ports are secure.
Train your employees on Cyber Security.
It isn’t safe to assume that your employees know how to detect potential cyber threats. In fact, if it weren’t for human error, hacking would be much more difficult.
What do I mean by that? Well, only a human can click on a phishing email, but if they are trained to spot red flags, they’re a lot less likely to accidentally unleash a malicious virus.
If you don’t take the time to properly train all your employees? You only have yourself to blame.
You must ensure every device on your network is secured with PROACTIVE antivirus software.
Highlighting PROACTIVE by capitalizing it and changing the font color to red? Yeah, that was NOT an accident.
Not only is it recommended by the FBI AND the Department of Homeland Security, but I strongly urge small businesses to take this step as well. Proactive antivirus tools help to PREVENT attacks from occurring in the first place, and you know what they say about prevention versus a cure: even if you pay a ransom, there is no guarantee that the attackers will actually keep their word.
Work devices are ONLY for work.
You have to make this a policy, and there should be potential punishments in place for those caught on sites that aren’t allowed or checking personal emails. In fact, restricting most websites can also be extremely effective. Otherwise, your network is at serious risk of a breach.
Strong password policies are a MUST.
Weak passwords are one of the easiest ways cybercriminals can put your business at risk. There must be certain password rules in place, such as:
- Complex passwords only
- Upper- and lower-case letters required
- Special characters
- Automatic password changes must be required at least every three months, and employees cannot be allowed to repeat passwords
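The rules above, written as a check that runs when an employee picks a new password. This is an added example, not part of the original post. The 12-character minimum, the five-password history depth and all function names are assumptions, since the post gives no numbers beyond three months.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)  # post: change at least every three months
MIN_LENGTH = 12               # assumption: the post gives no minimum length
HISTORY_DEPTH = 5             # assumption: how many old passwords to remember


def hash_password(password, salt):
    """Salted, slow hash so the history never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password, history):
    """Append (salt, digest) for a newly set password; keep only recent ones."""
    salt = os.urandom(16)
    history.append((salt, hash_password(password, salt)))
    del history[:-HISTORY_DEPTH]


def policy_violations(password, history):
    """Return the rules from the list above that a candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs upper- and lower-case letters")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    # Re-hash the candidate with each stored salt; compare in constant time.
    for salt, digest in history:
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("repeats a previous password")
            break
    return problems


def change_due(last_changed, now):
    """True once the current password is at least MAX_AGE old."""
    return now - last_changed >= MAX_AGE


if __name__ == "__main__":
    history = []  # constructed sample data, not real credentials
    remember("Winter-Storm-2020!", history)
    print(policy_violations("Winter-Storm-2020!", history))
    print(policy_violations("Harbor+Lantern+47", history))
    print(change_due(datetime(2020, 1, 1), datetime(2020, 4, 15)))
```
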
As former FBI leader Robert Mueller once said:
“I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
Regardless of your political leanings, it is imperative for you, your employees and, ultimately, your small business, that you heed his warning.
Please feel free to forward this blog to your employees. Better yet, download our Remote Security Checklist and send it to your employees. And as always, if you have additional questions, you can call us at 919-422-2607, or schedule a free consultation with Craig by using our online scheduler.
And most importantly? Stay safe out there.