No organization is too small to be victim to a cyber attack. That's why taking strong cyber security measures is crucial for businesses of all sizes. If you aren't sure where to start, consider implementing a few small steps that employees can take to start building your company's cyber security plan.
1. Create strong and unique passwords or passphrases
Passwords and passphrases are the first line of defense against cyber criminals that want to access your accounts and sensitive information. Strong passwords should include a combination of letters, numbers and symbols and should be at least 12 characters long. Consider using passphrases instead of passwords – they are easier to remember and harder for cyber criminals to guess. Your passphrases should include four or more random words and should be at least 15 characters long.
It's important that you don't reuse passwords or passphrases across different websites or accounts to avoid credential stuffing. You can use a password manager to store them, so you don't have to memorize them.
2. Use multi-factor authentication (MFA)
Multi-factor authentication (MFA) adds an extra layer of security to your accounts by requiring an additional piece verification on top of your password or passphrase. In recent studies, both Google and Microsoft determined that MFA blocks 99% of account hacks (PDF). Some examples of MFA include facial recognition, a thumb print, a code sent to your phone number or email address, a token or a PIN. To make the most out of MFA, make sure that you have it enabled whenever possible. Consider using an authenticator app as a standard across your company to protect all your employee's accounts.
3. Install the latest device updates
Keeping your software and your devices up to date is one of the easiest things you can do to get cyber safe, since updates often include security patches and new features. It's important that employees are performing updates regularly. You can set devices to automatically update software and applications whenever new versions are released under your device's settings. You can even manage what time you'd like your device to update so it doesn't interfere with work hours. You should enable automatic updates across all company-owned devices including smartphones, tablets, laptops and any other devices connected to your network.
4. Know how to spot and report phishing messages
Phishing attacks are one of the most common tactics that cyber criminals use to steal personal and financial information. Phishing messages can take the form of an email, phone call, text message or even social media direct message. Cyber criminals will pretend to be someone they aren't, like your bank, your boss or another employee. Phishing attacks have become more sophisticated than ever, so it's important that employees know how to spot the signs of a phishing attempt.
You should always be skeptical of unexpected messages (like, knowing your accountant would probably never need 100 gift cards urgently on a Tuesday afternoon). If you do receive a suspicious message, make sure there's a cyber security plan in place like contacting your IT department and using email reporting tools.
5. Back it up
Your company data is extremely valuable. That's why regular data backups are essential for protecting your hard work and being able to recover from incidents like loss, theft or ransomware attacks. There are a lot of storage options to choose from including cloud storage and external hard drives. To protect your data, we recommend automating your backups so your files don't need to be saved manually. We also suggest using more than one form of storage in case one of them is compromised (like using cloud storage and an external hard drive). You should regularly test your backup and restoration processes to ensure that your data can be recovered easily.
Conclusion
By adopting these five simple steps, everyone can play a role when it comes to protecting your business from cyber threats. For more information on what you can do to further enhance your company's cyber security posture, browse Get Cyber Safe's quick guide to cyber security for small businesses.