Every business needs good cyber security management, and you can have it in just 6 steps:
Step 1: Most Important: Stay Current
Computers, operating systems, software, phone systems, etc. all have to be kept up to date. Anything else that connects to the internet must be also.
There are apps available for free, such as SOMos, that will keep all your apps updated. And they will tell you when those apps are out of date, which is important as the updates usually plug security gaps.
Step 2: Use Endpoint Security Software
Any device that is used to access your network is called an endpoint. That includes phones, tablets, desktop computers, laptops, internet of things (IoT) devices (“smart” TVs, locks, doorbells, thermostats, etc.) and even servers.
Endpoint security software, also known as antivirus or anti-malware software, monitors each one of those endpoints for malware and unusual behavior, allowing updates to be pushed to them remotely.
Step 3: Fish for Phishing Emails
Criminals are constantly finding new ways to compromise your data. One of those ways is phishing through email.
Phishing emails target small businesses as well as large. Be careful. As the old saying goes, “Do not judge a book by its cover.” Do NOT click on a link that looks like it leads to a company you do business with without checking it out first.
The best way to make sure it’s legitimate is to type the company’s URL into your browser yourself, rather than using the URL sent in the email. Once logged into the site, go to your notifications. If the email is legit, you will find a message there with the same offer or information as the email.
You can also hover over the link and read the URL. You might see words that look suspicious like “.ru” for Russia in the link URL. Or, you can roll over the FROM field to see if the email it was sent from has an unexpected address, like one that contains a personal name (e.g., johnqpublic@gmail.com) or a misspelling in the domain name (john@ammazon.com). If anything looks off, it is not from Amazon or PayPal or one of the other websites you traditionally use.
The best option with a suspicious email is to simply pick up the phone and call the company using a phone number you’ve used before (again NOT one that’s in the email).
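The checks described above (a sender address from a personal mailbox, a misspelled vendor domain, a link whose host is not the vendor or ends in an unexpected country code such as .ru) can be scripted as a first-pass triage of a suspicious message. The code below is an added example and is not part of the original article: the trusted-domain allowlist, the personal-mail list and the sample message are all constructed assumptions for illustration. It goes slightly beyond the text by using an edit-distance test so that any one- or two-letter-off lookalike domain is flagged, not only the ammazon.com case mentioned above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email): the sender domain is a
# misspelling of a trusted brand and the link host ends in .ru.
SAMPLE_EMAIL = """\
From: "Amazon Support" <john@ammazon.com>
To: owner@example-smallbiz.com
Subject: Action required on your order

Please confirm your payment details here:
http://amazon.account-verify.ru/login
"""

# Assumed allowlist: the vendors this business actually deals with.
TRUSTED_DOMAINS = {"amazon.com", "paypal.com"}
# Top-level domains the article calls out as unexpected in a vendor link.
SUSPICIOUS_TLDS = {"ru"}
# Free webmail providers: a vendor does not write from a personal mailbox.
PERSONAL_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-letter-off lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(msg):
    """Domain part of the From: header, lower-cased ('' if unparseable)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def link_hosts(body):
    """Hostnames of every http(s) link found in the message body."""
    return [urlparse(u).hostname or "" for u in re.findall(r"https?://\S+", body)]


def check_email(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []

    dom = sender_domain(msg)
    if dom in PERSONAL_MAIL_DOMAINS:
        findings.append(f"sender uses personal mailbox domain {dom}")
    elif dom and dom not in TRUSTED_DOMAINS:
        # Flag domains within two edits of a trusted one (e.g. ammazon.com).
        near = [t for t in sorted(TRUSTED_DOMAINS) if 0 < edit_distance(dom, t) <= 2]
        if near:
            findings.append(f"sender domain {dom} looks like {near[0]}")

    for host in link_hosts(msg.get_payload()):
        tld = host.rsplit(".", 1)[-1]
        if tld in SUSPICIOUS_TLDS:
            findings.append(f"link host {host} uses .{tld}")
        if host and not any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS):
            findings.append(f"link host {host} is not a trusted domain")
    return findings


if __name__ == "__main__":
    for finding in check_email(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

A finding here is a reason to follow the article's advice (go to the site yourself or phone the company), not proof of phishing on its own; a genuine vendor email with links only to its own domain produces no findings.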
Money Transfers/Gift Cards
Common sense is often your best bet in cyber security management. If you get an email from someone in your company that tells you your boss wants to give out gift cards at an event, think about it. Have you ever known your boss to do that? Verify it in person. It is very likely a hoax.
Same thing if you get an email on your home account that makes you think there has been some sort of breach of your email account and that asks you to help them corral the theft ring by buying gift cards and then giving them the PIN. You would be surprised by the number of smart people who have fallen for this ploy. If it sounds fishy it is phishy!
Word Document Phishing
Once in a while, you might get an email from what looks like one of the companies you do business with, or from a friend that will have an attachment such as a Word, Excel or PDF file attached. Attachments can contain macros (think programs that run when the document is opened) that can infect your device with any number of nefarious things such as viruses, ransomware or keystroke loggers. DO NOT EVER ALLOW A FILE TO RUN A MACRO! By allowing a macro to run, you may be allowing an attacker to encrypt your data and hold it for ransom.
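Since the advice above is never to let an attachment run a macro, it helps to know before opening which Office attachments can even carry one. The following is an added example, not code from the article: it builds a minimal, constructed OOXML-style zip in memory and checks it the way a mail filter would, by file extension, by the presence of the `vbaProject.bin` part where modern Office formats store VBA, and by the macro-enabled content type declared in `[Content_Types].xml`. Legacy binary `.doc`/`.xls` files are not zip archives, so the check returns `None` for them to mean "could not inspect, review by hand".

```python
import io
import zipfile

# Extensions Office reserves for macro-enabled documents.
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
# OOXML stores VBA code in a part with this name.
VBA_PART = "vbaProject.bin"
# Substring of the content types Office declares for macro-enabled parts.
MACRO_CONTENT_TYPE = "macroEnabled"


def build_sample_docx(with_macro):
    """Construct a minimal OOXML-style zip in memory (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        types = "<Types/>"
        if with_macro:
            types = ('<Types><Override PartName="/word/document.xml" '
                     'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>')
        z.writestr("[Content_Types].xml", types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/" + VBA_PART, b"constructed placeholder, not real VBA")
    return buf.getvalue()


def has_macro(filename, data):
    """True if the attachment can carry a macro, False if not, None if it cannot be inspected."""
    if any(filename.lower().endswith(ext) for ext in MACRO_EXTENSIONS):
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if any(name.endswith(VBA_PART) for name in names):
                return True
            if "[Content_Types].xml" in names:
                if MACRO_CONTENT_TYPE in z.read("[Content_Types].xml").decode("utf-8", "replace"):
                    return True
            return False
    except zipfile.BadZipFile:
        # Legacy OLE formats (.doc, .xls) are not zips; flag for manual review.
        return None


if __name__ == "__main__":
    print("invoice.docx with VBA part:", has_macro("invoice.docx", build_sample_docx(True)))
    print("invoice.docx without macros:", has_macro("invoice.docx", build_sample_docx(False)))
    print("old.doc (cannot inspect):", has_macro("old.doc", b"\xd0\xcf\x11\xe0not a zip"))
```

A result of `True` or `None` is the signal to stop and verify the sender by phone or in person, exactly as the article recommends, rather than opening the file and clicking through an "enable content" prompt.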
Be suspicious of every email and every text that asks you to do something. Never share sensitive personal information or financial information. Make sure it’s legitimate by a secondary means such as calling the sender by phone or talking in person if the email appears to have come from a colleague.
Step 4: Be Suspicious of Hacker Emails
Then there are those messages that say you’ve been hacked and the writer tries to blackmail by threatening to send embarrassing emails to your entire address book. You know those embarrassing emails are fake but maybe not everyone in your address book will.
As part of cyber security management, make sure that your email address is not located anywhere on the internet. If it is, change your email address and don’t publish it again. Never use your business email on LinkedIn. Hackers will not only be able to get info on you, they will be able to use it to send phishing emails to you that you think are coming from your boss or best friend or someone else in your circle.
You can check whether your email address has been exposed in a known breach by going to https://haveibeenpwned.com. Type in your email address to see if it has been part of a publicized hack. If the attack was never publicized, it won’t be on this site, but it’s at least a partial check.
Step 5: Practice Password Protection
It’s hard to remember your passwords for all of the websites you visit but there are safer ways. Don’t fall into the trap of making them easy for villains to guess. Don’t reuse them on multiple sites. That’s what criminals count on. If they find any of your passwords, it will allow them to access one or multiple accounts. Make it hard for hackers and easy for you with a password protection manager.
There are very reliable password managers that we recommend. They will work on all your devices and will synchronize across them while encrypting and protecting your passwords. Most offer free and business or enterprise versions. The top few are:
With or without a password manager, it is important to USE A DIFFERENT PASSWORD FOR EVERY ACCOUNT YOU HAVE and change them frequently. LastPass and others can create strong, unique passwords automatically for you and prompt you to change them.
Once you get a password manager (or use your existing one), make sure it uses multi-factor authentication (MFA), also called two-factor authentication (2FA), requiring you to provide an additional code when you sign in from a new device or after a long time away. For more information, check out our Multi-Factor Authentication Guide.
Step 6: Keep Personal Information Personal
Most importantly, keep your personal identification information (PII) and your personal health information (PHI) safe.
If you have any PII on your computer (either for yourself or others) and you need to send an email to someone with that information, encrypt it. Do not ever send any ID info over the internet without encryption. Also, look for the https:// in URLs. Don’t fill out any forms on a page that doesn’t have an “s” following the “http.” The “s” signifies that the site is using a secure, encrypted connection.
Ask Us About Cyber Security Management
Need help getting your business on track? Contact us or book a free, no-obligation meeting, virtual or in person.