How to Cyber Secure Your Company in 60 Minutes or Less
In today’s digital economy, cybersecurity is just as important as traditional, physical security. Many small businesses that wouldn’t dream of leaving their stores or offices unlocked and unguarded give little time or effort to a cybersecurity strategy. That’s in spite of 2018 research from Hiscox revealing that nearly half of small businesses suffered a cyber attack in the year prior to the study. Clearly, the notion that hackers won’t bother with the “little guy” is mistaken.
Other reasons that small businesses ignore cybersecurity include lack of resources and understanding. Physical security can be felt and seen. Locked doors, security cameras, and security guards are visible deterrent features.
Cybersecurity is different. It’s mostly invisible, and your average user won’t notice it. That said, cybersecurity isn’t as difficult to implement as some imagine. Here is how to cyber secure your company in 60 minutes or less.
1. Audit Your Existing Cybersecurity Measures
If your company has any cybersecurity measures in place, the first step is to review these. Look for holes or vulnerabilities in your plan. Review your internal IT policies, looking for weaknesses that a disgruntled employee or even a bad actor could exploit.
If no one in your company is in a position to perform this audit, or if you aren’t sure whether you have any cybersecurity measures in place, you need to bring in a consultant to perform this task. If you’re working with a managed service provider (MSP) already, check to see whether cybersecurity is a service they offer.
2. Train Staff on Phishing Techniques and Other Email Scams
Remember that notion that master hackers probably aren’t interested in coming after your small business because you’re the little guy? There’s actually an element of truth there. The likelihood of some shadowy group of elite European hackers employing TV-show-level hacking skills to break into your computer systems is pretty low.
That doesn’t mean you’re safe from all cybersecurity threats, though. Most of the time, hackers will get into your system by phishing.
Phishing schemes can take on a number of forms. Generally, they involve a realistic-looking email that’s made to look like it comes from a trusted organization (say, Microsoft) or from a trusted and important individual (say, your CEO or another executive).
Organization-based (or credential-based) phishing campaigns may include a link to a convincing but fake login page. Users enter their credentials, which go straight to the hackers who set up the scheme. Those hackers now have credentials necessary to log onto your company’s systems.
Personality-based phishing campaigns usually involve some social engineering. The “CEO” tries to convince a low-level user to do something that’s a breach in policy, and the user complies, hoping to impress the CEO. Instead, he or she gives away the store.
Training Is Key
Phishing schemes are not that complicated, and most users can identify them easily with even 60 minutes or less of training. Invest in this training to keep your business safer.
3. Set up Two-Factor Authentication
Two-factor authentication (2FA) is an added layer of security that can be enabled on many types of accounts. With 2FA, users enter their username and password as normal, but there’s an additional step. Users will also need to enter a randomly generated code (usually sent via text message). 2FA should be enabled wherever possible in your organization. Taking this step alone will cripple most credential-based phishing attacks.
4. Review and Strengthen Your Password Policy
Lastly, set up a password policy that forces users to create complex passwords and change them regularly. You’ll reduce your exposure to threats of stolen credentials and thus tighten up your cybersecurity strategy.
These 4 steps can help you improve your organization’s cybersecurity, but they aren’t a comprehensive strategy. We can work with you to form a cybersecurity strategy that’s comprehensive and customized to your business. Are you ready? Contact us today.
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
Thinking ofHiring A New IT Company?
On What Questions You Need To Ask Before Signing Any Agreement.