GUEST COLUMN:

Business owners beware: Take steps to protect emails and other company data

When business owners review the challenges they face in the competitive marketplace, cybersecurity isn’t always at the top of that list. In 2024, that’s not only unfortunate, it can also be dangerous.

Today’s businesses face more cybersecurity risks than ever, and it is incumbent upon all astute business owners to entrust their IT teams, or external IT providers, with a mandate to take every possible measure to stop fraudsters.

Workplace email security should always be a priority

Employee email—an invaluable method of communication—is also the clearest opening for an outside fraudster to successfully hack into company data.

David B. Rounds


Employee email is the source of approximately 95% of all cybersecurity incursions. That’s a frightening reality for business owners, because once an employee’s email is hacked, it’s possible for criminals to gain control of the business’s mailbox and obtain personally identifiable information (PII), considered a treasure trove of data by fraudsters. Using hacked workplace credentials, criminals can then take control over an employee’s computer and scan through the company’s network in search of PII.

The end result for companies—depending on the type and scope of the hack—may be a financial and public relations catastrophe and could require filing a report of the event to regulatory agencies or government entities.

While organizations of every size and scope are potential targets for cybercriminals, most often it’s the small- to mid-sized businesses that are the preferred hacking victims, due to the limited resources those companies have to commit to ensure data safety.

Of course, we’ve also heard about successful hacks against multinational companies and even government agencies; however, those types of attacks are usually undertaken more for their notoriety than rewards. But hacking incidents involving smaller businesses are viewed by fraudsters as their proverbial “bread and butter.”

With that in mind, performing regular data backups as well as software updates should be standard practice for all companies.

Best practice cybersecurity measures for every business

Regardless of organizational size, there are several important security measures that every business should undertake to help ensure the security of their proprietary data. In cybersecurity, as in health, prevention is vastly preferable and less expensive than finding a cure for the problem.

Given that, security measures required to prevent fraudsters from successfully hacking company data should always include the following procedures:

• Training employees about cybersecurity: Every employee who has access to company email and/or data should be trained in cybersecurity best practices; that training should include recognizing signs of a phishing attack and reporting suspicious actions.

• Utilizing firewalls and antivirus software: Two of the most critical tools required to avoid hacking and ransomware attacks are the installation of a firewall and antivirus software. Think of these measures as being the IT equivalent of installing a locked screen door to your company’s online “front door.”

• Threat hunting: This is the next level of protection. It is known as EDR, MDR or XDR, where the “DR” means detection and response. This is software that actively hunts for malicious activity in your network. Traditional antivirus and firewalls are no longer enough. Think of this like a sentry in your company’s network.

• Disaster recovery plan: Backing up your company’s proprietary data is a commonsense and critical action that could prove invaluable in the event of a hacking attempt. But having a backup does no good if you do not have a recovery plan that has been tested. Also, be sure to secure data in a location not connected to your network, such as cloud storage that has separate credentials to access.

• Secure mobile devices: In the age of the smartphone and given the access to proprietary data they can provide, mobile phone security has taken on even greater importance. Businesses should create cybersecurity plans that require users to utilize protective passwords for their smartphones, as well as encrypt data and install security apps.

• Control access and secure Wi-Fi networks: If multiple employees use the same device, each worker should have his or her own separate account; unauthorized individuals should never have access to use the device or the data it contains. It is also important to secure, encrypt and hide your company’s Wi-Fi network to restrict public access. End-users should never have local administrative rights over their machines, because such rights allow them to install malicious software by mistake.

It’s also important for businesses to employ multifactor authentication. The days when a company, or employee, could rely on a simple password for cybersecurity are long gone; hackers today are far more sophisticated than in the past. However, with multifactor authentication, even if a hacker manages to obtain a password, they can’t access an account without that additional authentication, which often involves a one-time code sent to either a cellphone or another device.

Increased awareness means proactive protection

The Identity Theft Resource Center reports that last year almost 2,400 business data breaches were the result of cyberattacks. That’s more than the previous record for all types of data breaches in a single year.

For businesses, the threat posed by potential hacking has never been greater. However, the multiple high-profile hacks in recent years have increased awareness of the risks posed by weak cybersecurity. It’s also why more businesses are investing in cybersecurity insurance policies. Given the negative financial impact of a successful hack, insuring data and IT systems simply makes common sense.

With the proper precautions and a clear-eyed view of the cybersecurity risks ahead, business owners can mitigate the likelihood that they or their companies will be among next year’s hacking statistics.

David Rounds is founder and CEO of NetEffect, a managed IT service provider based in Las Vegas.



This story appeared in Las Vegas Weekly.
