How can small-business owners protect themselves and their customers? Since plenty of cyberattacks can be attributed to automation, putting basic protections in place against phishing, malware, and more can help your site stay off the path of least resistance.
Here are five ways to boost your small-businesses cybersecurity.
1. Use a good password manager.
There’s an exhaustive amount of password advice floating around in the ether, but the most important is this, Don’t reuse the same password on multiple sites. It’s a difficult rule to stick to for convenience’s sake, especially since 86% of internet users report keeping track of their passwords via memorization. Still, cybersecurity experts recommend password managers as an efficient and secure way. Free password manager options include LastPass, Myki and LogMeOnce.
2. Set up email account recovery methods to protect against phishing attacks.
Phishing attacks are an enduring cybersecurity problem for large and small businesses alike: 83% of respondents to Proofpoint’s annual phishing survey reported experiencing phishing attacks in 2018, an increase from 76% the year before. Embracing a more cyber-aware culture, including staying vigilant about identifying potential phishing attacks, suspicious links and bogus senders is key to email safety.
If you’re a Gmail user, recent company research suggests that adding a recovery phone number to your account could block up to 100% of cyberattacks from automated bots, 99% of bulk phishing attacks and 66% of targeted attacks. It’s helpful because in the event of an unknown or suspicious sign-in, your phone will receive either an SMS code or an on-device prompt for verification. Without a recovery phone number, Google will rely on weaker challenges such as recalling last sign-in location, and while that still stops most automated attacks, effectiveness against phishing drops to 10%.
3. Back up your data regularly to protect against ransomware.
Ransomware a cyberattack in which a hacker holds your computer access or data for ransom has kicked off a “frenzy of cybercrime-related activities focused on small and medium businesses,” Loveland said. In fact, it’s the second leading malware action variety in 2019, according to the Verizon report, and accounted for 24% of security incidents. Hackers generally view it as a potentially low-risk, high-reward option, so it’s important to have protections in place for such an attack namely, have your data backed up in its entirety so that you aren’t at the hacker’s mercy. Tools such as Google Drive and Dropbox can help, as well as automatic backup programs such as Code42 (all charge a monthly fee). You can also purchase a high-storage external hard drive to back everything up yourself. And this is only a way to protect your data from ransomware.
4. Enlist a dedicated DNS security tool to block suspicious sites.
Since computers can only communicate using numbers, the Domain Name System (DNS) is part of the internet’s foundation in that it acts as a “translator” between a domain name you enter and a resulting IP address. DNS wasn’t originally designed with top-level security in mind, so using a DNSSEC (DNS Security Extension) can help protect against suspicious websites and redirects resulting from malware, phishing attacks and more. The tools verify the validity of a site multiple times during your domain lookup process. And though internet service providers generally provide some level of DNS security, experts say using a dedicated DNSSEC tool is more effective — and free options include OpenDNS and Quad9 DNS. “[It’s] a low-cost, no-brainer move that can prevent folks from going to bad IP addresses,” Loveland said.
5. Signing up with a website security company.
Paying a monthly subscription to a cybersecurity security company may not be a good deal, but it could end up paying for itself in terms of lost business due to a site hack or a cyber attack. Decreasing attack vulnerability means installing the latest security patches and updates for all of your online tools as promptly as possible, which can be tough for a small-business owner’s routine.
It’s tempting for a small-business owner to say, I’m pretty handy I can do this myself, But the reality is that even if you’re very technical, you might not be working around the clock, and you’re taking on 24/7 maintenance and monitoring. It’s certainly money well spent to have a large organization doing this for you.”
I am a Cyber Security expert cover cybercrime, privacy, security and surveillance, consumer technology, and anything else that seems interesting.