As large-scale hacking events – such as recent breaches of Yahoo!, voter, health and banking data – continue to dominate headlines, leaders of small- to mid-sized businesses (SMBs) would be wise to remember your firm could be targeted, too. Especially after the holiday season, when you or your employees may have slackened vigilance a bit. Maybe while shopping online using a work device or business email address you neglected to check for a secure HTTPS connection. Or, perhaps while traveling to visit relatives you checked your inbox using unsecured WIFI in a coffee shop.
Hackers may be betting a relaxed attitude carries into the new year. Per the insurance firm Travelers, 62% of cybersecurity breach reports come from poorly prepared SMBs. So, why not start 2017 by resolving to tighten your organization’s cybersecurity measures?
- Passwords: Change them, just in case. Any device with access to business email should be at least password, fingerprint, and/or lock-code protected. Make sure your team members change passwords on every one. Mobile devices may not be the first channel attacked, but it happens. When asked about security breaches, company leaders report they’ve already experienced breaches through mobile devices, especially through apps.
- Sending Files: One tried-and-true method for secure file transfers that may have fallen victim to convenience is sending links to files instead of attachments. If you’re using cloud file storage like Microsoft OneDrive or Google Drive you can control the access permissions easily, before you send the link.
- Don’t Get Hooked: When racing through our inboxes after holiday vacation, we may be tempted to skip verifying email senders. If a partner, vendor or bank had a breach, your email address could be phishing Remind your team to be wary, especially of emails asking for account details. If you see something suspicious, call your contacts at the sender company (with the phone numbers you know, not the ones in the suspect email) and ask about the request. If it’s a scam, they’ll thank you for alerting them.
- Check Security at Your Cloud Provider: If you use external back-up routines for business data, you should review the provider’s security process, including who on their team has access to your data. Ask your contact how their company keeps up with new types of threats, how often they evaluate and implement new ways to fight off those threats. If he or she can’t answer these questions quickly and knowledgeably, consider that a warning and dig deeper.
- Consider New Security Tech: Stronger authentication technologies are more affordable and easier to implement than ever. Many involve biometrics (such as fingerprints) that confirm the person, not just the login and password. And maybe it’s time to consider implementing a data-loss prevention system, one designed specifically for SMBs.
An IT Managed Services Provider (MSP) can help with all these security measures for the new year. But if you’re wondering whether your MSP has the right stuff to keep you out of trouble, our post “Is Your IT MSP a Cyber Security Guru? Check for These 5 Soft Skills to Find Out” has some guidance.