By Amrita Khalid | Inc.
Now more than ever, it is crucial to elevate the cybersecurity measures at your company.
Small businesses have been easy prey for cybercriminals during the pandemic. A shift to remote work meant hackers had their pick of unsecured home networks and devices. Now, as many businesses move back to offices, it’s likely that the transition to different environments will create new opportunities for hackers. Savvy thieves often see small businesses as a “Trojan Horse” to the larger businesses with which they partner.
Panellists at a recent Chamber of Commerce shared tips on what businesses need to keep in mind to protect their data and assets from cyberattacks.
Ransomware comes in via email and can hide for several days
Some cyberattacks will do damage instantly, taking down all of your systems and locking you out. But some, such as ransomware emails, require more time to take root.
“So maybe an employee clicks on an email that goes through their device, and they send that email to somebody else that hits another application or device. It can be in your system for several days before you notice it,” said Tara Holt, senior product marketing manager at Iron Mountain. The delayed timeline is crucial to keep in mind as you nail down when and how a breach occurred.
Backup critical data, both on- and off-site
Holt and other cybersecurity experts encourage businesses to store a backup of their most critical data as a second line of defence, which should be both off-site and online. Your business may still be able to operate during a cyberattack, even in a limited context, if there’s a backup handy.
Make sure payment processors are PCI-compliant
An overlooked area of cybersecurity is your third-party payment processor. Businesses that make hundreds of transactions per day must ensure that security standards are in place to prevent theft. Most merchants that accept credit cards must adhere to the Payment Card Industry Data Security Standard, or PCI.
A few credit card companies allow merchants that are not PCI-compliant, but tread carefully with them – you’ll likely be stuck with the bill in the event of a breach.
“An estimated 92 percent of victims who pay the requested ransom don’t get their data back.”
You can pay the ransom, but don’t expect to get your data back
While taking cybercriminals at their word is always a risky undertaking, when it comes to ransomware, few crooks are honest players. Businesses that pay ransoms must deal with the possibility that any data they get back will either be incomplete or corrupt.
Use a “zero-trust network” and multifactor authentication
Chances are your team needs a refresher on what makes a strong, unique password, which can go a long way toward securing your systems. Best practices include combining three or more unrelated words – proper nouns are good – with numbers or special characters separating them.
Requiring the use of VPNs is also key. Sad Eastman, CEO of JobsInTheUS, says his company uses both an internal VPN and a third-party VPN for customers. “We do that because we believe it’s important for us to provide a secure environment for our employees to get in to do their jobs, but also a place for our customers,” he said.
Holt also suggests that businesses create what is called a “zero-trust network” that authenticates users every time they log in. Multifactor authentication, where users must enter a passcode that is sent to their phone or email, is another good safeguard.
“Adding in as many layers of security as you can, can really be that first step to protect you,” said Holt.