There’s no denying that business today is a digital process, and certainly will be moving forward. Businesses access the digital space for numerous functions, including marketing, email communications, cloud computing, and even for processing financial transactions. What business owners may not be aware of is that digital information theft has surpassed physical theft. This means that businesses need to take every precaution to prevent cybersecurity attacks and minimize the threat of data breaches to remain secure.
October is Cybersecurity Awareness Month, a tradition established in 2004 to remind consumers and businesses to reevaluate their cybersecurity practices and systems. In honor of the occasion, we will outline the best practices businesses can use to decrease their risk and increase their protection against cyber threats.
Cybersecurity By the Numbers
- According to security.org, over 24 million U.S. households have fallen victim to account takeover fraud, and 58% say the breach occurred within the last 12 months.
- The average value of financial losses from these types of account takeovers is nearly $12,000.
- 60% of account takeover victims report using the same password as the compromised account multiple times.
- According to IBM, the average cost of a business data breach in 2021 was $4.24 million.
Worries Over Cybersecurity Remain High
The Travelers Companies, Inc. recently released its 2022 Travelers Risk Index, and the results show that cyber threats remain a top concern for businesses. The survey included 1,200 participants and found that 57% believe a future cyber-attack on their company or organization is inevitable.
“Cyber-attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions,” said Tim Francis, Enterprise Cyber Lead at Travelers.
“Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action,” he said.
So, what are the factors holding businesses back? According to the survey, overconfidence, a lack of action surrounding specific prevention measures, a lack of an incident response plan, and infrequent cyber assessments top the list. Even well-known security features like multi-factor authentication were reported as underused, with only 52% of companies saying they implemented the practice.
So how can your business stay safe when surrounded by cyber threats? Keep reading for our list of best practices to increase cybersecurity for your business.
Tips and Best Practices for Preventing Cyber Attacks
Use a Password Manager
Password managers use an encrypted database with one very complex password that is used to store and protect all your other passwords. A password manager will even generate strong passwords for you, and you’ll never have to try to remember all your individual passwords again.
Using a password manager is a great way to not only protect your passwords from prying eyes online but prevent the temptation to use the same password repeatedly. Most breaches are the result of passwords that are easy to figure out or have been used so often that they are compromised.
Secure Wi-Fi Networks
Wi-Fi networks used for business purposes should always be secure, hidden, and encrypted. Wireless access points or routers can be set up to hide the network name, also known as the Service Set Identifier (SSID). And of course, set a password to protect access to the router.
Enable Multi-Factor Authentication
There are different methods of multifactor authentication, including emailed or text messaged codes that can be used to prove your identity. This adds another layer of security to accounts by forcing you to enter a security code that was sent directly to your phone, email, or computer, thereby ensuring you’re the one attempting to log in.
Set Up Firewalls
Firewalls are designed to control the information that passes between your network and the rest of the internet. They prevent viruses, malware, and other malicious information from accessing your network while simultaneously preventing specific data from exiting.
Malware Protection/Antivirus Software is Key
Maintaining an online presence in any format without properly establishing malware protection software is a recipe for disaster. This type of software is designed to block viruses, Trojans, and more from attacking your data, and even alerts you when an attack is suspected.
Pay Attention to Mobile Device Security
A growing number of businesses are using mobile devices as productivity tools for their employees. While this might make sense from an efficiency standpoint, what it also does is increase the risk of data breaches from those mobile devices, especially if businesses don’t take steps to monitor employees’ activities.
Businesses should implement an action plan for mobile devices that includes requiring password protection, encryption, and security apps to prevent unauthorized access.
Backup Your Files
Backing up your data ensures protection against those instances when data loss occurs. Follow the 3-2-1 rule – meaning you create three copies of backed-up data instead of just one. Store one copy on your computer, another on an external hard drive, and a third on an off-site location like the cloud.
Take Special Care with Financial Transactions
Whether it’s making business purchases or processing customer payments, financial transactions that occur on the web deserve care and attention. Banks and processing companies can help ensure you’re using the most up-to-date tools and anti-fraud technology.
Keep payment systems separate from other programs to reduce the chances of a data breach that could include sensitive financial information.
Update Your Devices
It can be all too easy to ignore that recurring message reminding you it’s time to update your software or hardware programs. But doing so puts your information at risk. Manufacturers frequently include security patches in their periodic updates that are designed to solve potential security problems.
A good piece of advice is to set your applications to receive automatic updates, which will be downloaded and installed as soon as they become available.
Don’t click on everything!
Emails are especially susceptible to what’s called “phishing attacks.” We all get them in our inboxes – emails claiming that an account has been locked or asking you to offer up your login information for some reason or another. These emails are designed to look legit, however, they really come from scammers seeking to “phish” your information.
One way to avoid these types of scams is to check the actual email address the sender used. You can hover over a link or click on the email address in the sender box to see the full address. If the email address looks suspicious in any way or is simply a long string of letters and numbers, report it as spam and delete it right away.
Train Employees to Identify Threats
Business owners can take as many measures as they like to attempt to secure their data, but if employees are not educated on the dangers of cybersecurity threats, then all that work might be in vain.
Regular meetings with employees, discussion of the topic, and specific training programs aimed at educating employees on the risks and processes to follow will help develop a culture of safety within your organization.
Businesses face a growing number and variety of cybersecurity threats, and studies show that most business owners hold the issue as a top concern. And while the public is more informed about the risk of cyber-attacks than ever before, it seems that business owners are slow to adopt practices and utilize resources that might better protect their assets and those of their customers.
In honor of Cybersecurity Awareness Month, the Travelers Institute is hosting three educational programs for businesses and the public free of charge. A webinar will be held on October 12 to discuss new reporting requirements included in recent legislation regarding cybersecurity. In-person programs are scheduled for October 4 and October 13 in St. Paul, Minnesota, and Los Angeles. Interested parties can visit the Travelers Institute events page for information and to register.