With so many high-profile cyber attacks taking place, many business owners are wondering whether their business is safe. And let’s face it – everyone depends on technology these days, so cause for concern is warranted.
Here are 5 things you can do right now to help guard your business against cyber disasters.
1. Don’t fall for email phishing scams
What is phishing? The most common cyber attack vector by far is email. While it’s true e-mail threat detection has improved over the years, it’s still far from perfect. More importantly, scammers have mastered the art of crafting emails that look legitimate. These are what is known as phishing scams.
Here are some examples of common phishing scams.
- A fake message pretending to be the CEO of a company sent to accounting, asking for an immediate transfer of funds
- Emails that appear to come from a banking institution (complete with logo and letterhead) asking you to click on a link and verify your account details. The link in question leads to a fake phishing page that records your password
- An email that appears to come from the Canada Revenue Agency (CRA) threatening jail time unless the victim makes an immediate bank transfer
How to mitigate e-mail phishing attacks:
- When in doubt, pick up the phone and call. NOTE: Do *not* call the numbers in the suspected email. Use the company’s advertised number or, in the case of the CEO, use your boss’s cell.
- DON’T click on any links in emails unless you know for sure where it came from. Clicking a bad link can download malware onto your PC and possibly spread to your company’s network.
- If you aren’t sure how to tell whether an email is legitimate, talk to your IT administrator. Better to be safe than sorry!
- Have your IT department configure anti-spoofing on your email system. Technologies like SPF & DKIM are easy to implement, and designed to help mitigate e-mail impersonations.
2. Protect your data both inside and outside the office
Many companies spend inordinate amounts of time & money to protect the data that’s on their network. They implement firewalls, VPNs and all sorts of technology trying to keep their servers safe. But what they don’t do is protect the data that leaves the office. Once data leaves your network, you have no control over it.
In an ideal world, most companies would have a strong data policy & well-trained employees. However, people are often susceptible to mistakes.
How do you protect your company data when it’s not inside your network?
Use encryption to safeguard your devices
Picture this: you’re on a business trip, sitting at the airport café. You leave your laptop on the table while you get up to use the washroom. You return only to find out your laptop is suddenly gone, along with all the data on it. What now?
The only way to protect the data on stolen devices is with full-disk encryption. In a nutshell, encryption scrambles the data on a device so that it can only be accessed using a decryption key, or passphrase. With the technology that we have today, every business should be using encryption to protect their mobile devices.
3. Use two-factor (2FA) authentication
Also known as multifactor (MFA) authentication, two-factor authentication is one of the simplest methods of protecting your online accounts. This is because even your password gets stolen, the attacker still needs access to your phone (or USB key). Some older methods also use text messages to verify, although this is slightly less secure.
For more info on how to set up two-factor authentication, check out the guide we wrote here: Protect your online accounts using 2-factor authentication
4. Plan for disaster before it happens
The best defense is a good offense
The same goes for your IT strategy. What should you do in the event of a cyber-attack, natural disaster (such as an earthquake or flood) or a cyber-meltdown? How about your staff: Are they educated on what to do? Who to contact?
If you don’t already have a disaster recovery plan in place, it’s a good idea to dedicate some time to drafting one up. Make sure you explore as many scenarios as you can, within reason.
No backups? No chance!
While having a good backup goes without saying, here’s a couple things you can check to make sure your backups are up to snuff:
- Make sure your backups are functioning correctly. The only way to be sure is to test your backups regularly – don’t wait to find out in the middle of a disaster scenario that your backups are corrupted!
- Make sure your backups are stored securely in an off-site location. The last thing you want to be dealing with during a disaster such as an earthquake, flood or fire is a complete loss of data.
5. Let the pros do the heavy lifting
Phishing, ransomware, malware, viruses, DDoS attacks – oh my. You’re probably wondering, how am I supposed to stay on top of all this? Fair question.
How to know whether it’s time to hire an IT partner
- Do you feel at risk of losing critical & sensitive data – forever?
- Are down-or-broken systems preventing employees from doing their best?
- Wasting time dealing with complex IT solutions that don’t work well?
- Lack a clear IT strategy – leaving your company at risk in several areas of the business?
- Constantly reacting to problems without a pro-active plan or monitoring in place?
- Losing sales with systems that are not handling customers’ demands or workloads?
- Feeling overwhelmed with IT challenges?
You’re not alone. If you’d rather focus on growing your business, Leap Cloud Solutions can help!
We stay on top of the latest technology trends so you don’t have to. Allow Leap Cloud Solutions to help you plan, budget & implement your next IT project – schedule a consultation today.