You’ve got to juggle many different tasks and considerations as a business owner, including managing the need for robust cybersecurity measures to protect your business from cyber-attacks. If you run an online payment processing company or something of that nature, you’re already well aware of the need for airtight cybersecurity. But business owners who don’t conduct much business online sometimes think they’re in the clear and unlikely to be targeted by cybercriminals. Unfortunately, that’s not the case, as almost every company now has some online presence, making them vulnerable to attack. That’s why it’s crucial to understand and use cybersecurity tips.
Nowadays, almost every business uses the internet in some way to transfer or store information. Even if you just have a small website that tells the public about your company, it could be vulnerable to hackers. The more you have online, the more you risk. Regardless of the size or description of your business, you have some level of vulnerability to cyber-attacks and must protect yourself with the best possible cybersecurity measures. These cybersecurity tips for business owners are designed to give you a sense of how to keep your business and your data safe from prying eyes.
As the old saying goes, an ounce of prevention is worth a pound of cure. That’s never more true than when it’s applied to cybersecurity tips for business owners. Because of the nature of digital files and information, once a data breach occurs, there are few good ways to contain it and stop the damage without significant hassle and expense. Once that happens, you need commercial cyber insurance protection to prevent further financial losses. Here are some key cybersecurity tips to offer your business protection against cyber threats of all types, from viral infestations to suspicious emails.
Our first cybersecurity tip deals with one of the universal lines of defence against potential online thieves: passwords. This is because you need one to get into an online account. However, this is one that many people often get wrong, as they use weak passwords to protect their most valuable accounts. While some thieves use highly technical or subtle strategies to access a target’s password, there are those who just guess. This seemingly silly technique can get you if you’re not prepared since some of the most common passwords are extremely easy to guess, with the most common one being “123456”. Other common passwords include different sets of numbers and common words and phrases such as “password,” “admin,” “qwerty,” “iloveyou,” and “letmein”. Names of loved ones, favourite fictional characters, and local sports teams are also common low-hanging fruit for cybercriminals to grab at.
A common cybersecurity tip is to ensure every password always has at least one capital letter, one small letter, a number and a symbol. However, this often leads to people creating alternatives to the above that contain all of these, such as “P@ssword1”, which is also often easily guessed. It’s best to avoid using a real word as the basis of a password, as the most secure passwords are often random strings of letters, both capital and small, as well as numbers and symbols.
Longer passwords are also often better, as they are less susceptible to more technical attacks, such as brute-forcing a password.
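The following is an added example, not part of the original article, showing why the composition rule alone is not enough: it screens a candidate password against the common passwords named above after undoing typical character swaps, and generates a long random password instead. The function names, the substitution table and the minimum length of 12 are assumptions made for illustration.

```python
import secrets
import string

# Common passwords named in the article; a real screen would load a far larger list.
COMMON = {"123456", "password", "admin", "qwerty", "iloveyou", "letmein"}
# Constructed table that undoes typical character swaps (assumption, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s",
                      "5": "s", "3": "e", "1": "i", "!": "i"})
MIN_LENGTH = 12  # assumed policy value, not taken from the article

def meets_composition_rule(pw):
    """The 'one capital, one small letter, one number, one symbol' rule."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def base_word(pw):
    """Lower-case, drop trailing digits/symbols, then undo common swaps."""
    core = pw.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)

def screen(pw):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if pw.lower() in COMMON or base_word(pw) in COMMON:
        reasons.append("based on a common password")
    return reasons

def generate(length=16):
    """Random password from a cryptographically secure source."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_composition_rule(pw) and not screen(pw):
            return pw

if __name__ == "__main__":
    for candidate in ["P@ssword1", "123456", "L3tme1n$$", generate()]:
        print(candidate, meets_composition_rule(candidate), screen(candidate))
```

“P@ssword1” satisfies the composition rule yet is still rejected, because its base word is on the common list.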
This cyber security tip is tied to the previous one, but it’s still a simple task that is often neglected. Most people prefer to avoid changing their passwords, especially when they use complex ones, because it means they have to remember new passwords regularly. A related cybersecurity tip that people often ignore is that each login must use a different password. But like how locking your front door makes it more difficult for would-be trespassers to get into your home, strong passwords are essential security measures to prevent cyber trespassers from wandering into your server or online accounts. One easy way to avoid forgetting your password is to use password managers that securely store your passwords and enter them in for you with the click of a button.
Computer viruses and malware are right up there among the most common malicious attacks, so a good cybersecurity tip is to invest in reliable anti-malware and antivirus software for every computer you or your employees use. There are many popular security tools out there, so make sure to choose one with a solid reputation for defeating viruses and malware.
Having security software in place is good, but it won’t help you in the slightest unless you follow the related cybersecurity tip of keeping it current with regular anti-malware software updates. Set it up for automatic updates so you don’t have to see all those annoying reminders that you need security patches. It’s easy to get used to out-of-date notifications and eventually ignore them, but that means the software is not functioning, and your computers are unprotected.
There’s a good chance you have a Wi-Fi network for your business, and ensuring it’s adequately secured is another important cybersecurity tip to remember. If you run a hospitality business such as a coffee shop, you may even have public Wi-Fi for your customers to use. In that case, having a second, secured, private network for business use and for your own and your employees’ personal devices is crucial. To avoid any security risks, make sure to stay off the unsecured public Wi-Fi network entirely. The biggest downside of public networks is the same as their biggest upside: they’re public, which means anyone can access them, even people with malicious intent. The wireless network your business uses should be secure, encrypted and hidden.
Ensuring you’re backing up all your data in multiple locations is a vital cybersecurity tip. It could potentially be stolen or deleted in a ransomware attack, or another type of security breach, and the loss of information could prevent your business from operating as usual or leave you liable for its loss. If it’s backed up in a second location, you still have to deal with a data breach—but at least you haven’t lost access to critical documents you need to run your business.
Multi-factor or two-factor authentication is when you enter a password and the service then sends a text or email to your mobile device with a code to confirm that it’s really you who is trying to log in and not bad actors trying to gain unauthorized access. This way, even if a cybercriminal does gain access to or guess your passwords, they can’t use them without physical access to your mobile device, adding a second layer of security and preventing a successful attack. Multi-factor authentication is an extra layer of security that isn’t necessary for every business, but it is worth the effort if you find that you might be vulnerable to stolen passwords.
Those who are less familiar with the more technical aspects of websites might not know the difference between HTTP and HTTPS. While an understandable oversight, it can make a large difference. Every URL begins with one of these, even when you copy and paste it elsewhere. HTTP stands for “hypertext transfer protocol,” with the extra S in HTTPS standing for “secure,” meaning that it’s encrypted. If any third party is able to intercept data on an HTTPS site, they will not get the information they desire. A good cybersecurity tip is to only put in sensitive information on sites that use HTTPS, as well as make your own site HTTPS enabled.
As a business owner or manager, you may be reasonably well-versed in cybersecurity best practices—but that doesn’t mean your employees are. Just protecting against attacks from malicious software and other digital invaders isn’t enough because all the encryption and cybersecurity in the world can’t protect you from human error by an untrained employee, so a good cybersecurity tip is to give your employees the training they need to keep themselves, your clients, and you, safe. They don’t all need to be cybersecurity experts, but your employees should know common types of tricks such as phishing attacks, trojan horses or social engineering.
A phishing attack is when a malicious person from outside the organization tricks an employee within the target company into giving up vital information, often through a targeted link. For example, it’s fairly common for cybercriminals to pose as a CEO or higher-up at your company and email or call employees asking them to purchase gift cards and send them right away. Another example of a phishing email would be one with a link to a legitimate-looking website that encourages users to type in their login information, thus giving it to the hacker.
Trojan horses, just like the historic object that shares the same name, are disguised as something useful, but really contain something dangerous within. They usually take the form of a program that appears to help the computer user, such as business software. However, just as the historical example was full of enemy soldiers, a modern-day Trojan horse contains a virus.
Social engineering is when a scammer calls your employees, often claiming to be someone from tech support or IT. The scammer will then claim they need the employee’s username or password to log in to their account and fix a problem.
It’s best to train employees on how to identify a scam. Knowledge of cybersecurity practices can help prevent them from falling victim to common threats and phishing attempts from unauthorized users.
No matter how much you follow the other cybersecurity tips mentioned in this article, having valuable information simply lying around ready for a criminal to gather can blindside you. While it might seem obvious that employees shouldn’t leave papers showing their login details or any sensitive documents lying around on their desks, you’d be surprised how often this happens when employees get complacent. Another cybersecurity tip is to have employees keep their phones in their pockets and lock their screens while leaving their desks for things like meetings, lunch, and washroom breaks.
Another big cybersecurity tip to remember is that your employees should only have access to the information they need to do their jobs. If they have nothing to do with sending and receiving invoices, for example, there’s no need to give them access to your and your clients’ payment information or similar sensitive files. This isn’t about not trusting your employees; it’s about the fact that cyber criminals can’t steal knowledge and data from your employees that they don’t have. Each employee should have their own individual account to log in with, and each profile should only be allowed to access the information that individual needs for their work duties.
By now, you can see the importance of a cybersecurity plan. One of the major cybersecurity tips you should follow to ensure your cybersecurity strategy is solid is to evaluate your risk levels and potential security flaws. That could involve hiring a third-party consultant to review your measures and recommend additional cybersecurity tips. Think about the data you have, who might want to get it, and how they are likely to go about attempting to steal it from you so you can close up any security vulnerabilities and ensure your business information and systems—and the information of your clients, partners and vendors—are safe in your hands.
An important cybersecurity tip is to always assume you’re vulnerable to cyber risk. Some smaller business owners often assume they are too small to be targeted for theft since cyber criminals won’t bother with someone who doesn’t have any valuable information worth stealing. This, along with many other common cyber insurance myths, is untrue. Firstly, small businesses are prime targets for many malicious actors because they are much more likely than larger companies to have inadequate or even no cybersecurity measures, making them easy pickings. Secondly, you have more valuable information than you think. It doesn’t necessarily have to be financial files or human resources files—even an email address or the name of someone who works for your business can be helpful to a cyber-criminal because it lets them get their foot in the door and get employees to trust them so they’ll give up access to more critical data and facilitate other suspicious activity unknowingly.
Another common mistake is for large corporations to think that because they have a large IT department, they are immune to cyberattacks. While having a large IT department can help and is a good cybersecurity tip, it can cause other employees to be more lax with their preventative measures, which could cause a breach. It’s important to remember that your tech support people are technical experts with relevant skills and training, not technology wizards who magically fix everything instantly.
Also known as virtual private networks, VPNs are a way to establish a more secure connection and hide your personal information by encrypting it. It also hides things like your location and IP address, granting an extra level of security. Acquiring these on your computers is becoming an increasingly common cybersecurity tip, one that we actively endorse.
You might be looking at this cybersecurity tip and wondering how a hacker could help you. Aren’t hackers bad? This is a common misunderstanding. You must remember that there are two types of hackers: black hat and white hat. Black hat hackers are the ones who try to access your company’s information illegally. White hat hackers are usually security experts hired as contractors by a company to find weak points in its cyber defences and report them to the company along with security suggestions. It is then up to the company to fix those problems before a black hat hacker can exploit them.
The final cybersecurity tip we’ll leave you with is that you need some cybersecurity protection in place to get cyber insurance. What you need to do can vary quite a bit based on the insurance company, your business’s risk levels, and more. But if you don’t yet have even the most basic cybersecurity best practices in place, insurance providers will decline to give you a quote for cyber liability coverage. That fact alone proves how common cyber attacks are and how likely you are to fall victim to one without the necessary protections.
When it comes to cybersecurity tips, it’s better to be over-prepared than under-prepared. Whether you’re a big, small or medium business, it’s important to take all the cyber security measures that you possibly can to keep your sensitive business information safe. The worst-case scenario of taking a few extra steps is that things become mildly inconvenient, while the worst-case scenario of under-preparing is much worse.
This content is written by our Morison Insurance team. All information posted is merely for educational and informational purposes. It is not intended as a substitute for professional advice. Should you decide to act upon any information in this article, you do so at your own risk. While the information on this website has been verified to the best of our abilities, we cannot guarantee that there are no mistakes or errors.