Improving Your Business Cybersecurity
Michael Lashlee | Technology & Innovation
Small businesses are the lifeblood of a community and provide all manner of essential services and support to enterprise businesses and government. The global economic importance of small businesses cannot be overstated, and so it is critical that small businesses are protected from the ever-increasing volume of cyber-attacks targeting them. Because of the interconnectivity of small businesses within the global ecosystem, a successful cyber-attack on a set of small businesses could have devastating impacts more broadly across the sector, the geographic region, and the globe.
Here are the six areas every business should focus on to stay secure:
- Know What You Have
First things first: Knowing what you have is the first step to better security. Take inventory of all your devices (including desktops, laptops, smartphones and printers) and applications (e.g., email, software, web browsers, websites) so you can take steps to secure them. Keep this list updated as you add or remove devices and applications.
- Update Your Defenses
When you keep your systems updated, you boost your digital immunity against threats such as viruses, spyware and more. First, go through each device and application in your inventory list to make sure that each is configured for automatic updates. Check the instructions or support pages for any device or application that needs to be adjusted. Check each item off your list as you go and be sure to take this step every time you add a new device or application to your business. Also, using recommended security settings – “configurations” – is usually helpful in establishing proper defenses.
Websites are also at risk of being compromised. Many of the website applications used by small businesses have security problems. Run periodic scans of your website to identify vulnerabilities. Send any identified problems to your web manager (or whoever handles your website) for the appropriate action to be taken.
- Beyond Simple Passwords
Lock your virtual doors and windows. Just like in the physical world, when you lock everything down, the bad guys may move on. Your accounts and data (such as email, personnel records or client databases) are valuable assets – to you and to criminals. Keep your accounts safer by moving beyond simple passwords: use strong passwords and two-factor authentication (2FA), an additional layer of protection on top of your passwords. Be sure to set up unique passwords on all your accounts.
- Prevent Phishing and Viruses
Every year, many small businesses fall victim to costly malware and phishing attacks, which can be difficult to survive. These attacks can infect your systems, resulting in revenue loss, expensive recovery costs, data loss, damage to reputation and more. There are many tools available that help prevent these types of attacks, including DNS security, anti-virus software, and ad blockers. You should consider using one of each of these tools on your devices.
- Protect Your Brand
Protecting the reputation and brand of your business is critical to your success. You can help do this by implementing tools that ensure your brand’s name and email addresses don’t get used by others pretending to be you. An email standard known as DMARC is an effective way to stop spammers and phishers from using company “domains” (the part of your email address after the “@”) to carry out dangerous cyber-attacks, and it may help you see who is trying to impersonate you and send email on your behalf. It’s a way to verify that the sender of an email has permission to use your email domain and send email. A side benefit to using DMARC protection is that it may lead to better delivery of email to your customers’ inboxes instead of to their spam folder!
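To make the DMARC point concrete, here is an added example (not part of the original article) that audits the text of a DMARC record, the DNS TXT value published at `_dmarc.<your domain>`, and reports whether it actually asks receivers to block spoofed mail and whether it requests the reports that show who is sending as you. The sample records and the `example.com` addresses are constructed placeholders.

```python
# Added example (not from the article): audit the text of a DMARC record,
# i.e. the TXT value published at _dmarc.<your domain>.
POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            return None
        tags.append((name.strip().lower(), value.strip()))
    # The version tag must come first and is case-sensitive.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def audit_dmarc(record):
    """Return a list of plain-language findings for one record."""
    tags = parse_dmarc(record)
    if tags is None:
        return ["invalid: not a DMARC record (must start with v=DMARC1)"]
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        return ["invalid: p= must be none, quarantine or reject"]
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, receivers are not asked to block spoofed mail")
    pct = tags.get("pct", "")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains are left unprotected")
    if "rua" not in tags:
        findings.append("no rua=: you will not receive reports on who sends as your domain")
    return findings or ["ok: enforcing policy with reporting enabled"]

# Constructed sample records (example.com is a placeholder domain).
SAMPLES = {
    "monitor_only": "v=DMARC1; p=none",
    "partial": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com;",
    "not_dmarc": "v=spf1 include:_spf.example.com ~all",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, "->", audit_dmarc(record))
```

A record that only says `p=none` is a common starting point for collecting reports, but it does not yet stop anyone from using your domain.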
Trademark monitoring tools give you visibility into whether your business’ name or brand is being misused, allowing you to take action to protect your reputation. Attackers set up “look-alike” domains (slightly misspelled or with a different ending, e.g. BestBusiness.com becomes BestBusness.org or BestBusiness.net) to try to trick and defraud your customers, resulting in damage to your reputation and brand and harm to your customers.
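The look-alike check that such monitoring performs can be sketched as follows. This is an added example, not part of the original article or of any particular monitoring product: it compares domains you have observed (for instance, sender domains in emails that staff reported) against your own and flags the two patterns described above. It assumes each input is a simple `name.ending` domain, and the observed list is constructed from the article's own illustration.

```python
# Added example (not from the article): flag observed domains that look like yours.
def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def split_domain(domain):
    """Assumption: input is 'name.ending'; split at the first dot, ignoring case."""
    name, _, ending = domain.lower().rstrip(".").partition(".")
    return name, ending

def classify(brand, candidate, max_distance=2):
    """Return why candidate resembles brand, or None if it does not (or is brand)."""
    b_name, b_ending = split_domain(brand)
    c_name, c_ending = split_domain(candidate)
    if (c_name, c_ending) == (b_name, b_ending):
        return None  # this is your own domain
    if c_name == b_name:
        return "same name, different ending"
    distance = edit_distance(b_name, c_name)
    if distance <= max_distance:
        return f"name differs by {distance} character(s)"
    return None

def find_lookalikes(brand, observed):
    """Map each suspicious observed domain to the reason it was flagged."""
    hits = {}
    for domain in observed:
        reason = classify(brand, domain)
        if reason:
            hits[domain] = reason
    return hits

# Constructed input: the article's illustrative names plus two benign domains.
OBSERVED = ["BestBusness.org", "BestBusiness.net", "bestbusiness.com", "example.org"]

if __name__ == "__main__":
    for domain, reason in find_lookalikes("BestBusiness.com", OBSERVED).items():
        print(f"{domain}: {reason}")
```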
- Defend Against Ransomware
Ransomware is malware that infects your computer and encrypts (“locks”) your data. The attacker then demands you pay exorbitant sums of money to get your data back. This has become a serious problem for small businesses. Up-to-date backups are critical for recovery from these attacks (and are generally very good business protection). Additionally, make sure your backups don’t stay connected to your computers. Unplug your external backup device once a successful backup is completed.
- Take Action
Together with Mastercard, the Global Cyber Alliance (GCA) developed the GCA Cybersecurity Toolkit for Small Business, a free online resource that small businesses can use to significantly reduce their cyber risk. The toolkit includes a set of tools, reference materials and videos to assist you with all the scenarios outlined above – so you can protect yourself, your business and your customers, and stay focused on what matters most: growing your business.
Michael Lashlee is senior vice president and deputy chief security officer for Mastercard, where he focuses on a range of security matters, from security event management to intelligence and forensics. He also sits on the Advisory Board of the International Association of Financial Crimes Investigators (IAFCI) and the Strategic Advisory Committee for the Global Cyber Alliance (GCA).