Protect Your Business From Cybersecurity Threats

Cybersecurity threats are an extremely menacing problem for businesses across the globe. Because today's technological landscape is constantly growing, these threats are constantly changing, and cybercriminals are always finding new ways to infiltrate business systems and wreak havoc on company operations. In this article, we explore the measures you can implement in your business practices to reduce the likelihood of cyberattacks, help you recognize potential cyberthreats beforehand, and the processes you should have in place in case your business does fall victim to a cyberattack.
 
Before we discuss preventative measures for cybersecurity, however, it’s important to be familiar with the different types of scams that cybercriminals will typically utilize. Below are links to some of our articles that discuss these scams in depth:

As previously stated, these scams are among the more common ones used by cybercriminals; however, this is not an exhaustive list. There are hundreds of different types of scams, and criminals are constantly finding new ways to attack their victims. By using the following safety information and implementing precautionary measures in your business practices, you can greatly decrease the likelihood of these attacks and better protect yourself, your business, and your customers.

Basic Cybersecurity
  • Update your Software- Regularly updating your software for all apps, web browsers, and operating systems will allow them to better fight off viruses. You can also set up updates so they happen automatically.
  • Back Up your Files- Make sure that you back up important files and documents offline, on an external hard drive, or on the cloud.
  • Use Strong Passwords- Make sure all devices are protected with strong passwords that are unique and at least 16 characters in length.
  • Encrypt Devices- Any device containing sensitive, personal, or financial information should be encrypted. This will protect it from unauthorized access by converting the information into an unreadable code.
  • Utilize MFA- Multi-factor authentication (MFA) is a login procedure that requires at least two steps. Examples include biometrics, temporary passcodes sent to another device, or security questions.

Wireless Network Protection

Unsecure wireless networks are an ideal entry point for cybercriminals. Make sure to protect your networks by implementing the following measures:

  • Secure your Router- Be sure to change your router's default name and password when first installing it. Also, turn off remote management and log out of the administrator account once setup is complete.
  • Equip with Encryption & Strong Passwords- As previously mentioned, your router is a device you should make sure is protected with a strong password. Also make sure that your router offers WPA2 or WPA3 encryption and that it is currently turned on, so that information sent over your network is protected by both measures.
  • Secure Remote Access- If your employees or vendors are allowed to access your network remotely, it is especially important that they use the two previous security measures and that they never access your network via public Wi-Fi. Public Wi-Fi does not provide a secure internet connection on its own; however, if you deem it absolutely necessary, a VPN can be used to encrypt data while on public Wi-Fi.

Email Authentication Technology

Email authentication technology allows a receiving server to verify an email from your company and block emails from an imposter. It also has the capability to send potential imposter emails to a “quarantine” folder and then notify you about them. This technology makes it harder for imposters to send phishing scams to you and your employees.

To truly enable email authentication, your email provider must provide:

  • Sender Policy Framework (SPF)- This technology tells other servers which servers are allowed to send email using your business domain. If the receiving server can confirm that the sending server is on the approved list, the email is let through; if not, the email is flagged.
  • DomainKeys Identified Mail (DKIM)- This technology puts a digital signature on outgoing mail so that receiving servers can verify that an email showing your domain was indeed sent from your organization's server and has not been tampered with in transit.
  • Domain-based Message Authentication, Reporting, & Conformance (DMARC)- The last technology your email provider must offer for email authentication verifies that the domain authenticated by SPF or DKIM matches the “from” address you see. It also lets you tell other servers what to do when they receive a suspicious email, such as rejecting it or flagging it as spam.
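To make the three mechanisms concrete, here is an added example (not code from the original article) that evaluates a constructed SPF record against a sending server's IP address and then applies a constructed DMARC policy the way a receiving server would. The domain example.com, the two TXT records and the IP addresses are assumed sample values, and the DKIM signature check is represented only by its pass/fail result.

```python
import ipaddress

# Constructed sample DNS TXT records for an assumed domain, example.com
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all"
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sender_ip):
    """Evaluate an SPF record against the connecting server's IP address.
    Simplified: only ip4/ip6 mechanisms and 'all' are handled; include, a and
    mx mechanisms would need DNS lookups and are ignored here."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?").lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]  # catch-all decides every other sender
        if mechanism.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(mechanism.split(":", 1)[1], strict=False)
            if ip in network:
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no 'all' term was published

def dmarc_policy(record):
    """Parse a DMARC TXT record into its tags, e.g. {'v': 'DMARC1', 'p': 'reject'}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_disposition(spf_result, spf_aligned, dkim_result, dkim_aligned, policy):
    """Decide what a receiver does with a message under the domain's DMARC policy.
    DMARC passes when SPF or DKIM passes AND that identifier's domain aligns with
    the visible From: domain; otherwise the published p= policy applies."""
    if (spf_result == "pass" and spf_aligned) or (dkim_result == "pass" and dkim_aligned):
        return "deliver"
    actions = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return actions.get(policy.get("p", "none"), "deliver")

if __name__ == "__main__":
    policy = dmarc_policy(DMARC_RECORD)
    # An imposter server outside the published ranges that signs nothing:
    result = spf_check(SPF_RECORD, "203.0.113.5")
    print(result, dmarc_disposition(result, False, "fail", False, policy))  # fail reject
```

A real receiver also follows include:, a and mx mechanisms via DNS and verifies the DKIM signature cryptographically; this example only shows how the published records drive the accept, quarantine or reject decision.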

If the above technology does alert you that someone is attempting to enact phishing schemes or other types of email scams on you, your employees, or your customers, it is important to:

   - Report the scam to local law enforcement and a government agency (IC3.gov or FTC.gov)
   - Notify your customers immediately if they are the target of an email scam impersonating your business
   - Alert your staff

Website Hosting

Another facet of your business that you want to make sure is secure is the manner in which you host your website. There are many web-hosting options; one of the most important capabilities to look for, however, is Transport Layer Security (TLS). TLS helps protect your customers' privacy by making sure that they reach your real website when they type your URL into the address bar. When TLS is correctly implemented on your website, your URL will begin with https://. TLS also encrypts all of the information sent to your website. That functionality is crucial, especially if you ask customers for sensitive or financial information such as credit card numbers.

Physical Security

Strong cybersecurity begins with implementing strong physical security measures. Lapses in physical security can result in exposed company data. Exposed data can be potentially vulnerable to identity theft or other fraudulent behavior that can have serious repercussions. Follow the tips below to ensure the protection of information on paper files and on hard drives, flash drives, laptops, point-of-sale devices, and other equipment.

  • Securely Store Files & Devices- Any paper files or electronic devices containing sensitive information should be securely stored in a locked cabinet or room.
  • Limit Access- Only allow access to devices or records that contain sensitive information to those who absolutely need it.
  • Send Reminders- Periodically remind employees to secure their paper documents, log out of your network and applications, and never leave devices or files containing sensitive information unattended.
  • Track Sensitive Information- Keep track of devices that collect sensitive company or customer information. Only keep files and data that you need and know who has access to them.
  • Shred Documents- Always shred documents with sensitive information when disposing of them.
  • Ensure Data is Erased Correctly- Use specially designed software to erase data before discarding old devices. Do not rely solely on the “delete” button; it will not actually remove the data from the device.
  • Know the Response Plan- All staff should know the procedure if equipment or paper files are lost or stolen. This includes who to notify and what they should do next.

NIST Cybersecurity Framework

As previously mentioned, it's important for all your employees to know the response plan for when sensitive data becomes compromised. A good way to do this is by educating them on, and using, the NIST Cybersecurity Framework. NIST is the National Institute of Standards and Technology at the US Department of Commerce, and its framework helps businesses understand, manage, and reduce cybersecurity risks. The five core functions that make up the NIST Cybersecurity Framework are: Identify, Protect, Detect, Respond, and Recover.

  • Identify- List all the equipment, software, and data your company uses including all devices. Also, create and share a company-wide cybersecurity policy that details roles and responsibilities for your employees and vendors.
  • Protect- This includes controlling who can log on to your network and devices, using security software to protect data, encrypting sensitive data, regularly backing up your data, updating security software, establishing policies for safely disposing of files and old devices, and training all who use your network/devices about cybersecurity.
  • Detect- Monitor your devices, network, and software for unauthorized access and investigate any unusual activity on your network.
  • Respond- Have a plan in place for:
   - Notifying customers, employees, or anyone whose data might be at risk
   - Reporting the attack
   - Containing and investigating the attack
   - Updating your cybersecurity policy and plan
   - Preparing for inadvertent events that may put your data at risk

  • Recover- After an attack, you should repair and restore the equipment or parts of your network that were affected and keep your customers and employees informed of your response and recovery activities.

For a more in-depth look at the NIST Cybersecurity Framework, explore this article by the FTC here.

Vendor Security

If you have vendors who have access to sensitive company data or who rely on your network to conduct operations, it's important to make sure these same security measures apply to them as well. Ways to monitor whether your vendors are meeting these standards include:

  • Put Provisions in Writing- Include provisions for security in your vendor contracts. Include things like updating security controls periodically and ways to go about disposing of company information. It’s important that you also make provisions that are crucial to your company non-negotiable.
  • Adhere to Compliance- Establish processes so you can confirm that vendors follow your procedures and provisions.
  • Stay Up to Date- Cybersecurity threats change all the time; make sure your vendors are updating their security procedures as needed.

Cyber Insurance

Even with the preventative measures we discussed and a recovery plan in place before a cyberattack occurs, recovering from a cyberattack can be extremely costly. Another option you can use to further minimize the damage from cyberattacks is purchasing cyber insurance. If you think this would be a good option for your business, discuss coverage options with your insurance agent, including whether first-party or third-party coverage would be best for you. For more information on cyber insurance and its coverage types, check out this article from the FTC: FTC Cyber Insurance Information