Every 39 seconds, there is a hacker attack. Every day, this number adds up to more than 2,200 attacks. And it’s going to keep growing – in the last six years, the number of cyberattacks has increased by a staggering 67%. If you thought your small local business was safe, it’s time to rethink that assumption, because hackers are no longer picky about their targets. In fact, being unprepared for an attack is exactly what makes small businesses increasingly popular targets of cyberattacks.
Despite these gloomy numbers, small companies and large enterprises alike are not feeling alarmed. According to IBM, the average time to identify a breach in 2019 was 206 days. That’s more than six months of unnoticed exposure! We’ve written at length about the grave financial consequences cyberattacks have on businesses, so it’s clear that investment in the right defense mechanisms is the best strategy to protect your organization from hackers.
The starting point should be a detailed assessment of your current state of security. Is your organization cyber aware? Run your business through this checklist to find out.
1. Are you aware of the information you store?
The first step in your cyber awareness assessment is understanding what kind of information your business or organization collects and how it can be misused. In general, all businesses and organizations store sensitive information to a certain extent.
Sensitive information is not limited to, but most often includes:
- Personally Identifiable Information – any information that can be utilized to discover or determine an individual’s identity
- An individual’s or organization’s financial records
- Confidential information
- Information that could compromise your business’ or organization’s interests and competitive advantage
Processing and storing sensitive information is regulated by laws such as the General Data Protection Regulation and similar legal documents in the organization’s respective country.
In general, all sensitive information must be properly identified and stored, shared or processed exclusively using authorized information systems.
2. Are there any safety protocols?
Keeping your information in a safe place is not enough – it is also important that any action within the system follows a defined protocol. As we pointed out in the beginning, most small and mid-size businesses still aren’t aware of their vulnerability to cyberattacks, so it is safe to assume that most of them don’t have any safety protocols in place.
So here is a checklist of some things that build a solid foundation for a safety protocol:
- Strong passwords on devices and the organization’s accounts – it is recommended that these passwords contain a combination of letters, numbers, and special characters. Avoid using personal info or common words, and keep in mind that different systems and apps should not have the same password.
- Frequent changes of passwords – it is recommended to change them once every three months.
- Full control of who has access to devices and information – one of the most common sources of security breaches is a misuse of authorized access. This is why it is important to limit your employees’ access to parts of the system that are crucial to their job roles and responsibilities.
- Have an incident response plan – while creating this plan benefits from some input and advice from cybersecurity professionals, it is relatively simple to create. It requires you to clearly define what counts as a security “incident,” assemble an incident response team and create a chain of action in case of an unwanted event.
3. Is your staff educated?
We mentioned that a lot of security breaches come from within organizations, but most of the time they are not a result of malicious intent. More often, employees simply aren’t educated about potential dangers and safe behavior.
Make sure your staff goes through regular courses about the latest forms of malicious code, such as viruses, scripts, Trojan horses, etc. It is particularly important to educate your team about all the creative and sophisticated ways hackers trick users into downloading malware – through email attachments, apps, and dangerous sites.
One of the most dangerous forms of hacking is phishing, which tricks users into voluntarily giving up their personal information or login credentials. In these cases, the danger does not come from suspicious sources, but from seemingly trusted, credible sites or business partners.
4. Do you monitor online behavior?
Apart from keeping tabs on your team’s productivity, monitoring online behavior is also a way to protect your system. Using web content filtering on the workplace network will prevent your employees from visiting inappropriate or illegal sites, which are usually a fertile ground for malware and all kinds of hackers.
You should always check the reputation of a website to distinguish between malicious and non-malicious websites. At the same time, steering clear of these websites is a great form of legal protection, reducing the risk of involvement in situations that could harm your credibility and good reputation.
5. Do you monitor what happens to your site and brand?
Are you aware of who’s visiting your site? And by awareness, we don’t mean simply analyzing Google Analytics reports – we also mean differentiating between potential customers, business clients, and suspicious visitors. Organizations that use advanced cybersecurity tools are always aware of potentially malicious activities, such as repeated attempts to access the website’s admin panel from an unknown IP address.
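To make the “repeated attempts to access the admin panel from an unknown IP address” point concrete, here is an added example that is not part of the original article: a small Python script that reads web-server access-log lines, ignores addresses on an allowlist of known administrator IPs, counts requests to admin-panel paths per remaining address, and flags any address over a threshold. The log lines, the addresses and the allowlist are constructed for the example, and the admin path prefixes are an assumption about a typical site.

```python
import re
from collections import Counter

# Constructed sample web-server access log (combined-log style); these lines
# and the addresses in them are made up for this example, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /wp-login.php HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Oct/2023:13:55:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "GET /index.html HTTP/1.1" 200 3021
192.0.2.10 - - [10/Oct/2023:13:57:00 +0000] "GET /admin/ HTTP/1.1" 200 1200
192.0.2.10 - - [10/Oct/2023:13:57:05 +0000] "POST /admin/login HTTP/1.1" 200 900
this line is not a valid log record
"""

# One access-log record: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Path prefixes that belong to the site's administrative interface (assumed).
ADMIN_PREFIXES = ("/admin", "/wp-login.php", "/wp-admin")

# Hypothetical allowlist of addresses the administrators normally use.
KNOWN_ADMIN_IPS = {"192.0.2.10"}


def parse_line(line):
    """Return the fields of one log record as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_admin_request(path):
    """True when the requested path is under one of the admin prefixes."""
    return any(path.startswith(p) for p in ADMIN_PREFIXES)


def find_suspicious_admin_access(log_text, known_ips=KNOWN_ADMIN_IPS, threshold=3):
    """Count admin-panel requests per client IP that is not on the allowlist and
    return {ip: count} for every IP at or above the threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["ip"] in known_ips:
            continue
        if is_admin_request(rec["path"]):
            counts[rec["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in find_suspicious_admin_access(SAMPLE_LOG).items():
        print(f"ALERT: {n} admin-panel requests from unknown address {ip}")
```

Run against the sample, the script reports only 203.0.113.7 (four login-page requests, not on the allowlist); the two admin requests from the allowlisted office address and the unparseable line are skipped. On a real site the threshold would be applied per time window rather than over the whole file, and the allowlist kept in sync with where the administrators actually work from.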
Similarly, cyber awareness also means knowing what happens to your brand name beyond the borders of your site and workplace networks. We already mentioned phishing as one of the most dangerous forms of cyberattacks. Phishing is based on convincing users that a certain link or login field comes from a credible source, by mimicking the appearance of a reputable online market or financial institution.
This is made possible by cybersquatting, which can be defined as registering, selling or using a domain name to benefit from someone else’s trademarked property. There are several ways cybersquatters can harm your business, but typosquatting is the one you should pay attention to. For example, “amazon.com” can be typosquatted as “amazonn.com,” prompting users to use the site and enter their credit card number. Although this kind of attack doesn’t happen within the confines of your network or business, it harms your users, and if it happens repeatedly, it could be detrimental to your sales and growth.
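Brand monitoring of the kind described above is usually automated: candidate domains (for instance from a newly-registered-domain feed) are compared against your own. The following Python script is an added example, not code from the original article. It classifies each candidate as an exact match, a typo of the brand label (one edit away, where an adjacent-letter swap such as “exmaple” counts as one edit), a lookalike that embeds the brand name, or unrelated. The brand “example.com” and the candidate list are constructed for the example; the registrable-label helper assumes single-label TLDs.

```python
# Constructed brand domain and a constructed list of candidate domains, e.g. as
# they might arrive from a newly-registered-domain feed (all hypothetical).
BRAND_DOMAIN = "example.com"
CANDIDATES = [
    "example.com",           # the brand itself
    "examplle.com",          # doubled letter
    "exmaple.com",           # swapped adjacent letters
    "example-login.com",     # brand name embedded in a longer label
    "example.com.evil.net",  # brand appears as a subdomain of another site
    "sample.com",            # legitimate neighbour, two edits away
    "unrelated.org",
]


def osa_distance(a, b):
    """Optimal string alignment distance: insertions, deletions, substitutions
    and adjacent transpositions each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_label(domain):
    """The label just left of the top-level domain ('example' in example.com).
    Assumes a single-label TLD; multi-label suffixes such as co.uk would need a
    public-suffix list."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_domain(brand_domain, candidate, max_distance=1):
    """Classify a candidate relative to the brand domain as exact, typo,
    lookalike or unrelated."""
    brand_domain = brand_domain.lower().rstrip(".")
    candidate = candidate.lower().rstrip(".")
    if candidate == brand_domain:
        return "exact"
    brand = registrable_label(brand_domain)
    # Within max_distance edits of the brand label (this also catches the
    # same label on a different TLD, which cybersquatters register as well).
    if osa_distance(brand, registrable_label(candidate)) <= max_distance:
        return "typo"
    # The brand name appears somewhere inside the candidate hostname.
    if brand in candidate:
        return "lookalike"
    return "unrelated"


def find_lookalikes(brand_domain, candidates, max_distance=1):
    """Return {candidate: category} for candidates that merit a closer look."""
    result = {}
    for c in candidates:
        category = classify_domain(brand_domain, c, max_distance)
        if category in ("typo", "lookalike"):
            result[c] = category
    return result


if __name__ == "__main__":
    for domain, category in find_lookalikes(BRAND_DOMAIN, CANDIDATES).items():
        print(f"{category:9s} {domain}")
```

With the default distance of 1, “examplle.com” and “exmaple.com” are reported as typos and “example-login.com” and “example.com.evil.net” as lookalikes, while “sample.com” (two edits away) stays out of the report. Raising max_distance catches more variants at the cost of more false positives such as that one, so the threshold is a tuning decision for each brand.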
What comes next?
After you run through this checklist and take the needed steps to strengthen your defenses and educate your team about cybersecurity, the next important decision involves a choice of tools that will support you on your road to absolute cyber awareness.
Laila Azzahra is a professional writer and blogger who loves to write about technology, business, entertainment, science, and health.