Did you know that a single cyberattack could cost your business millions? Moreover, the damage cyber-attacks cause to your brand could take years to repair.
In today's digital age, protecting your business against everyday cyber threats has become more critical than ever.
Here are seven effective ways to protect your organization from common cyber threats.
1. Use Strong and Complex Passwords
Did you know many people still use “123456,” “111111” or 'password' as their password? It is shocking but true.
According to NordPass’s Top 200 most common passwords list for 2022, 'password' is the most commonly used password. Specifically, according to this report, this unbelievably weak password was used 4,929,113 times!
If you have not been alarmed yet, this one will alarm you: if you use 'password' as your password, it takes less than 1 second to crack.
The solution? When you set a password for any service, use at least 14 to 16 characters. By “characters,” I mean numbers or letters.
In addition to being at least 14 characters long, your password should contain a combination of uppercase letters, lowercase letters, and special characters.
If you’re unsure what I mean by “special characters,” here are some examples: $, “, %, ^, ).
Earlier, I mentioned that it takes a hacker less than 1 second to crack 'password' used as a password. Do you know how long it will take to crack ‘oFfsWEsz8f3dke!)’ used as a password?
Simply put, using strong passwords greatly reduces the risk of unauthorized individuals accessing your important business data.
Finally, generating complex passwords is in itself complex! So, instead of trying to do it yourself, use a password generator and never write down your passwords.
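What a password generator does with the rules above, as an added example that is not part of the original article: it draws characters from the operating system's secure random source and checks the result against the length and character-mix policy. The set of special characters, the digit requirement and the three-entry deny-list are assumptions made for illustration.

```python
import math
import secrets
import string

# Policy taken from the article: at least 14 characters, with uppercase,
# lowercase and special characters. Requiring a digit as well is an
# assumption added here; the article's own example password contains digits.
MIN_LENGTH = 14
SPECIALS = "!$%^&*()-_=+[]{}"   # constructed set; adjust to what the service accepts
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
ALPHABET = "".join(CLASSES)

# The weak examples quoted in the article; a real deny-list would be far longer.
COMMON = {"123456", "111111", "password"}


def policy_failures(password):
    """Return a list of reasons the password fails the policy (empty if none)."""
    failures = []
    if password.lower() in COMMON:
        failures.append("on the common-password list")
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in zip(("uppercase", "lowercase", "digit", "special"), CLASSES):
        if not any(c in chars for c in password):
            failures.append(f"no {name} character")
    return failures


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


def random_entropy_bits(length):
    """Upper bound on the entropy of a random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(policy_failures("password"))
    pw = generate_password()
    print(len(pw), "characters,", round(random_entropy_bits(len(pw))), "bits")
```

The entropy figure applies only to randomly generated passwords; a password a person invents is far more predictable than its length suggests.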
2. Use a Password Safe to Manage and Share Passwords
According to a recent study by NordPass, on average, a person has 100 passwords. I definitely have more than 100 passwords.
As a business owner, you probably have way more than 100 passwords.
In the last section, I mentioned that the first step to securing your business against cyber threats is to use complex passwords. However, I did not mention that apart from using complex passwords, you must use a unique password for each of your services.
This means you cannot reuse the same password across your 100-plus accounts! I know, I know, but how can you remember all these complex passwords?
I am happy to inform you that you need not remember 200 passwords. You just need to remember 1!
Introducing the password safe, also known as a password manager!
A password manager lets you store your passwords securely in a digital safe. Moreover, you can also safely share the passwords with your colleagues and friends without compromising the password.
I have used Keeper, and now I am using LastPass, but you can read PCMag’s Best Password Managers for 2023 to help you decide which is best for your business.
3. Update Software Regularly
There is no doubt that most businesses use computers connected to the Internet. If you use a computer, it runs an Operating System - the software that allows you to sign in to and use your computer.
In addition to running an Operating System, your computer runs many applications. From time to time, the developers of the Operating System and applications will release updates.
These updates address what is known as "vulnerabilities." Software vulnerabilities are gaps or weaknesses that hackers may exploit to gain unauthorized access or cause harm.
Ensure you install the updates promptly, as this will protect your business from known cyber attacks.
4. Install Anti-virus and Anti-malware software
In my 3rd action for securing your business against common cyber threats, I mentioned that most business computers are connected to the internet.
Like most people, you use the internet to conduct legitimate business. However, there are some internet users dedicated to causing harm to legitimate users like you.
One way such bad actors harm computers on the internet is to create and distribute malicious software called “viruses” and “malware.”
These malicious applications can create “holes” and “backdoors” on your computer, and hackers may use these backdoors to gain access to or take control of your computer.
Therefore, to reduce the chances of this happening, be sure to install the latest antivirus on all your business computers.
5. Implement the Principle of Least Privilege
The “principle of least privilege” states that individuals should be granted the minimum access and authorizations required to perform their functions.
This means that, in your business, you should not grant administrator access to a user who only needs a lower role to perform their job.
So, next time you want to create an account for a user to access your accounting system, ask the question, “What access does this person need to do their job?”
Then, ask, “What permission do I need to grant the person for them to have that access?”
Equipped with the answers to the two questions, when you create an account for the user, grant them the access they need to do their job.
Using the “principle of least privilege” to manage your IT system drastically reduces exposure to common cyber threats.
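The two questions above, applied to a small set of accounts, as an added example that is not part of the original article: for each user it finds the role that covers what they need with the fewest extra permissions and compares it with the role they actually hold. The role names, permission names and users are all constructed for a hypothetical accounting system.

```python
# Constructed role model for a hypothetical accounting system: each role maps
# to the permissions it grants. None of these names come from a real product.
ROLES = {
    "viewer":        {"invoice.read"},
    "clerk":         {"invoice.read", "invoice.create"},
    "accountant":    {"invoice.read", "invoice.create", "invoice.approve", "report.run"},
    "administrator": {"invoice.read", "invoice.create", "invoice.approve",
                      "report.run", "user.manage", "settings.change"},
}

# Question 1: what access does this person need to do their job? (constructed)
USERS = [
    {"name": "amara", "needs": {"invoice.read", "invoice.create"}, "role": "administrator"},
    {"name": "ben",   "needs": {"invoice.read", "report.run"},     "role": "accountant"},
    {"name": "chen",  "needs": {"invoice.read"},                   "role": "viewer"},
    {"name": "dana",  "needs": {"invoice.approve"},                "role": "clerk"},
]


def least_privileged_role(needs):
    """Question 2: the role granting everything needed with the fewest extras."""
    candidates = [r for r, perms in ROLES.items() if needs <= perms]
    if not candidates:
        return None
    return min(candidates, key=lambda r: len(ROLES[r] - needs))


def audit(users):
    """Compare each user's assigned role with the least-privileged one."""
    findings = []
    for user in users:
        best = least_privileged_role(user["needs"])
        granted = ROLES[user["role"]]
        if best is None:
            status = "no single role covers the need"
        elif user["needs"] - granted:
            status = "under-privileged"
        elif user["role"] != best:
            status = "over-privileged"
        else:
            status = "ok"
        excess = sorted(granted - user["needs"])
        findings.append((user["name"], user["role"], best, status, excess))
    return findings


if __name__ == "__main__":
    for row in audit(USERS):
        print(row)
```

Note that "ben" is reported as ok yet still holds two permissions he does not need: when the available roles are coarse, even the best-fitting one grants more than the job requires.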
6. Encrypt Sensitive Data
If your business has data that, if compromised, will be detrimental to it, apply an additional layer of security by encrypting the data.
Encryption transforms a piece of data into a form such that only people with a “decryption key” or special password can read the data. Earlier, I said that encryption adds a layer of security.
This additional layer of protection ensures that even if an unauthorized person gains possession of your business data, they cannot access it. So, in effect, the data is useless to them.
Windows 10 and Windows 11 have some built-in encryption technologies that you can implement without having to pay extra, for example, BitLocker Drive Encryption, Encrypting File System (EFS), and Device Encryption.
You can implement these Windows encryption technologies on your business laptops that contain sensitive information. So, if an employee loses the laptop, the data will not be compromised.
7. Train Your Employees and Create an Incident Response Plan
After applying the six actions I discussed above, your final steps are to train your employees and develop a cyber attack incident response plan.
As they say, knowledge is power. So, even though you have strengthened your business against cyber threats, if your employees are not aware of how to act against these threats, your business could still be vulnerable.
So, it is essential to educate your employees about the importance of cybersecurity. In addition to that, your training should also include the potential threats your business faces and what everyone can do to reduce the risks.
Furthermore, provide periodic training sessions on best cyber threat protection practices, such as creating strong passwords, avoiding phishing scams, and reporting suspicious activities.
Finally, we all know that no matter how much you put in place to mitigate cyber threats, your business is not 100% foolproof. So, the final step to protecting your business is to develop a Cyber Attack Incident Response Plan.
A cyber incident response plan outlines specific actions your business would take in the event of a data breach or other forms of a cyber security incident or attack.
If you’re running a business in 2023, it is safe to assume that it is not exempt from known cyber threats such as phishing, Distributed Denial of Service (DDoS) attacks, and others.
As a matter of fact, the UK government’s Cyber Security Breaches Survey 2022 confirms that 39% of UK businesses identified a cyber attack in 2022. So, it pays to protect your business against these threats, and if it happens, be sure that you’re ready with an Incident Response Plan.