A guest post written by: James Kudla, President of Tarrytech Computer Consultants
With many small businesses having employees work from home in some capacity, it’s important for owners to be aware of how exposed they are to cyberattacks. Hackers, scammers, and cybercriminals of all kinds target small businesses because they are plentiful and because they often lack good cyber security, if they have any at all. Here’s the kicker: these criminals don’t need to use malicious code or advanced hacking skills to get what they want. Many of them target your biggest vulnerability: your own employees.
It’s unfortunate, but every day, employees of small businesses unknowingly let hackers right in. Here are five common reasons why that happens so often.
- They are uninformed. Many people have never been trained in cyber security best practices. While some of us may know how to protect our network, safely browse the web, and access e-mail, many people don’t. Believe it or not, people do click on ads on the Internet or links in their e-mail without verifying the source. This can be fixed with regular cyber security training. Have someone in your IT department or an experienced IT security firm set up training for everyone in your organization, including yourself. Learn about best practices, current threats and how to safely navigate today’s networked world.
- They don’t use strong passwords. Many people still use poor passwords like “12345” and “password.” Simple passwords are free passes for hackers. Once they have a username (which is often just a person’s actual name in a business setting), if they can guess the password, they can walk right into your network. It is recommended to create a policy that requires employees to use strong passwords and to change them on a rotating basis, such as every three or six months. On top of that, it’s recommended to use 2-factor authentication everywhere possible. 2-factor authentication grants access to your critical data and systems based on two things – your username/password, and a secure code that is randomly generated when you need it. Implementing this service will significantly decrease your cybersecurity risk.
- They don’t practice good security personally. These days, many businesses rely on “bring your own device” (BYOD) policies. Employees use the same devices at home and at work, and if they have poor security on their personal devices, they could be opening your business to major outside threats. Coupled with the fact that most people are working from home, it is important to establish an IT security policy that outlines the “approved” devices, procedures, and protocols for both personal devices and working remotely. When this is not in place, connections and remote access are set up on tribal knowledge or best effort, and may not include anti-malware software. This can unknowingly introduce threat vectors for bad actors and hackers to compromise your network.
- They don’t report potential issues. If an employee opens a strange file in an e-mail, they might not say anything. They might be embarrassed or worry that they’ll get in trouble. But by not saying anything, they put your business at huge risk. If the file was malware, it could infect your entire network. Employees must be directed to communicate potential security threats immediately. If they see something odd in their inbox, they should tell their direct supervisor, manager, or you. The lines of communication should be open and safe. When your team is willing to ask questions and verify, they protect your business.
- They fall for phishing scams. One of the most common scams today is the phishing scam. Cybercriminals spoof email addresses to trick people into thinking the message is legitimate, and with everyone working in such a fast-paced environment, it’s easy to just jump to reading and clicking whatever is in an email. However, phishing e-mails are easy to spot if you take the time to look at the details. For example, the CEO’s email might be CEO@yourcompany.com, but the scam e-mail is from CEO@yourcompany1.com. It’s a small but significant difference. Again, it’s all about asking questions and verifying. If someone isn’t sure if an e-mail is legit, they should always ask.
The takeaway here is that it’s important to communicate with and educate your employees so they are equipped with the knowledge and tools to help keep your company safe from cybercriminals. As with everything in business, it comes from the top down, so if you as an owner make cybersecurity a priority, the company will surely follow suit.
Written by James Kudla, President of Tarrytech Computer Consultants, a premier technology partner located in Elmsford, NY that services businesses throughout the NY Metro region. For more information, please visit: www.tarrytech.com.