October is National Cyber Security Awareness Month. And it couldn’t come at a better time. As last month’s huge Equifax breach proved, no one is safe from hackers and cyber criminals. That breach affected 143 million Americans. There will always be someone out there trying to outsmart the best security systems — and trying to outsmart the humans using those systems. (Turns out that last part isn’t very hard to do. Humans are the weakest link in your cybersecurity plan, and we’ll talk more about how to fix that, too.)
Started by the U.S. Department of Homeland Security and the National Cyber Security Alliance, Cyber Security Awareness Month is an annual campaign to educate and raise awareness about the very real threats that cyber criminals pose to organizations and individuals around the world.
While we love the convenience, efficiency, and speed of technology to conduct business and manage our daily lives, this same technology is putting us and our personal information at risk, too. Cybercrime collectively costs businesses billions of dollars every year. Even a breach to a smaller company can cost hundreds of thousands of dollars. If you’re a small or mid-size company, that kind of cost plus the hit to your reputation could ruin your business.
As a software company, we always stress the importance of security with our clients. We had a lot of questions after this major breach. Cyber security, or the now more commonly used cybersecurity, boils down to common sense and constant vigilance. That’s why we’re celebrating Cyber Security Awareness Month with five best practices for thwarting cyber criminals — and protecting your organization.
Keep Your Software Up to Date
Software updates are not always about fancy new features. They also remove outdated features, update drivers, fix bugs, and, most importantly, fix holes in the security of your software. These security updates in particular make it really important for you to update your software as soon you receive an update notice. It’s a best practice and just common sense to always work from the most updated versions of your software.
Think before You Click
Another way hackers can get in and wreak havoc is through targeted phishing scams. Phishing scams run the gamut but generally work the same way. The scammer sends an email that looks like it’s from someone you trust. It could be a vendor, the IRS, your bank, or even a department within your organization, such as HR or accounting. Some scammers have even impersonated company CEOs!
A typical phishing email usually asks you for sensitive information or includes a link that prompts you to log in to one of your accounts. While the link may take you to a page that looks like the login page you’re used to seeing, that page can actually be a fake landing page that records and saves your information to use later. The email usually expresses urgency, threatening things like shutting down your account and charging big fines if you don’t act right away. These tactics are meant to scare you into acting quickly without thinking first.
To avoid falling prey to these scams:
- First, always look closely at the sender’s email. Scammers are good at making email addresses look very similar to addresses you know and trust, but there’s usually a giveaway of some sort. The URL you know, such as www.yourbank.com, will be off by just a little bit. Maybe www.your-bank.com or www.newURL.yourbank.com — or even something as subtle as one letter: www.yourbanks.com.
- If you’re asked to click on any link for any reason (e.g., to claim a prize, to log in to an account, to check status of an order, to accept a friend request), hover over the link in question with your mouse cursor before clicking. A text box should pop up that shows you where the link is taking you. Does it look familiar? Is it simple and straightforward or long and complicated? What’s the main URL in the link? Do you recognize it? If it looks phishy at all, do not click. TIP: Shortened urls are big red flags that the email is a scam.
- If you’re asked to log in to an account, go directly to that account’s website to log in rather than logging in from the link in the email.
- If the email is from someone you trust but it just doesn’t seem right, call that person to verify that they sent you the email.
For more on how phishing scams work, and how easily they can trick you, check out this article about sophisticated phishing scams.
Create a Culture of Cybersecurity
You can have the best firewalls and security software around and still get hacked. Your people and processes are key to cybersecurity. In fact, according to a report by IBM, 95% of security breaches are caused by human error.
Making cybersecurity a part of your culture is the best way to guard against an attack. You do this by embedding security best practices into your processes and by educating your people on how attacks happen and how to guard against them.
Employees should know:
- How ransomware works
- How phishing scams work
- How to create strong passwords
- The serious repercussions (cost, loss of reputation, risk to individuals) of a security breach
- Acceptable and unacceptable uses of company computers
- The danger of downloading things from unknown sources
Your organization should have policies and processes in place to:
- Ensure that operating systems and software stay up to date
- Manage who has access to administrative accounts
- Ensure that file, directory, and network permissions are shared appropriately
- Regularly back up data and check its integrity
- Assess all devices connected to the network
Use Cybersecurity Software with a Good Reputation
You also need to do your due diligence to protect your organization from a cyberattack using the technology that’s out there. The foundation of your cybersecurity plan should include installing firewalls and antivirus software. These pieces are crucial to have, as they create your first lines of defense against an attack. Don’t just purchase the cheapest option. Do your research to find reputable vendors, as well as to find the software that best suits your organization’s needs. If you need help comparing options, there are agencies and consultants who can help you by leading the selection process for new cybersecurity software and by offering an objective, third-party perspective as you make your decision.
Have a Response Plan
Finally, you need to be able to detect incidents and have a plan for responding. In the event of a cyber breach or attack, every minute counts. From the detection of a vulnerability to a full blown attack, you need to respond quickly once a breach has happened. Work with security experts to develop a plan that covers all likely scenarios. Once you have a plan, train your staff on the procedures.
Cybersecurity is a real threat. According to the National Cyber Security Alliance, 50% of small and midsize businesses have been breached in the past 12 months. Following these cybersecurity best practices will help make sure your organization doesn’t become the next headline.