4 Changes You can Make Today to Secure Your Business

If your business isn’t part of the Fortune 500, you might think that hackers and cybercriminals aren’t after you, but new research from Check Point shows otherwise. With corporate attacks up 50%, Q4 2021 became the most dangerous quarter in cybersecurity history.  

Cybersecurity is a mission-critical investment for every business, regardless of size. But security measures don’t need to break the bank to be effective. Addressing these four pillars of cybersecurity can help you lay a strong foundation and prevent disaster. 

Also known as two-factor or two-step verification, multi-factor authentication (MFA) is a security measure requiring anyone logging into an account to complete a two-step process to verify their identity.  

MFA makes it twice as hard for criminals to access online accounts. So make sure to turn it on when available as a simple and effective way to boost security.  

How does MFA work? 

By adding just one more step to the login process, MFA significantly increases account security. 

Just like logging into your account, the first step is entering your password. The second step is to provide an extra way of proving that you’re you, like entering a PIN code or texting/emailing a code to your mobile device, or accessing an authenticator app. MFA can include: 

• Entering an extra PIN
• Answering an extra security question like, “What’s your favorite pet’s name?”
• Providing a unique number generated by an authenticator app 
• Using a separate piece of hardware, like a key fob that holds information, that verifies a person’s identity with a database or system 
• Using facial recognition or a fingerprint 
• Providing an additional code via email or text 

What type of accounts offer MFA? 

Not every account offers MFA, but it’s becoming more popular every day. It’s seen on many accounts that hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms. While MFA should be used wherever possible, we especially recommend it for accounts that store financial data or personal information that could be used to defraud someone else.  

If you’re not using MFA yet, it’s worth checking the settings in your most used platforms to see if MFA is an option. 

Aldrich’s Advice: Activate MFA for all your business accounts, and ensure it’s also set up for your employees.  

Probably the most common security factor, passwords are like the keys to your house or business—and should be protected and maintained as such.  

Creating, storing, and remembering passwords can be a pain for all of us online, but the truth is that passwords are your first line of defense against cybercriminals and data breaches. Also, it has never been easier to maintain your passwords with free, simple-to-use password managers like LastPass and Keeper. So with a few moments of forethought today, you can stay safe online for years to come. 

Use Long, Unique, and Complex Passwords 

No matter what accounts they protect, all passwords should be created with these three guiding principles in mind: 

• Long: All passwords should be at least 14 characters long. 
• Unique: Each account needs a unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secured. We’re talking really unique, not just changing one character or adding a “2” at the end. To trick up hackers, none of your passwords should look alike. 
• Complex: Passwords should combine upper-case letters, lower-case letters, numbers, and special characters. A short sentence like, “I l0v3 my gOld3n retriever!” is another great way to create a secure and memorable password.  

Aldrich’s Advice: We know you and your staff have more online accounts than you can remember. And, in turn, more passwords than you can keep up with. Rather than sacrificing strong passwords for the sake of memory, free and easy-to-use password management tools make managing your library of login information a breeze. 

Always keep your software updated to the newest version and avoid delaying service updates. These fix general software problems and provide new security patches. Hackers are always looking for the weak spots in your organization, so shore up the walls with the latest updates. 

Download Only from the Source 

When downloading a software update, only get it from the company that created it. Never use hacked, pirated, or unlicensed versions of software. These often contain malware and cause more problems than they solve.  

Automate Updates 

Software from legitimate companies usually provide an option to update your software automatically. When there’s an update available, it reminds you so you can easily start the process or schedule it for later. If you can’t automatically update it, create a reminder to check quarterly if an update is available. 

Aldrich’s Advice: Automatic updates can help you ensure your business’s essential software is secure and ready to go when you are. Avoid downloading software or programs from third-party websites, and steer clear of any websites urgently asking you to download a file or fill out a form.   

Phishing is when criminals use fake emails, social media posts, or direct messages to lure you into clicking on a bad link or downloading a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to cybercriminals without ever realizing it. A phishing scheme can also install malware onto your device.   

Fortunately, avoiding a scam email is easy when you know what to look for. 

Check Before You Click 

The signs can be subtle, but once you recognize a phishing attempt, you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds and ensure the email looks legitimate. Here are some quick tips on how to spot a phishing email:   

• Does it contain an offer that’s too good to be true?   
• Does it include language that’s urgent, alarming, or threatening?   
• Is it poorly crafted writing riddled with misspellings and bad grammar?  
• Is the greeting ambiguous or very generic?   
• Does it include requests to send personal information?  
• Does it stress urgency to click on unfamiliar hyperlinks or attachments?  
• Is it a strange or unexpected business request?  
• Does the sender’s email address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.  

What do I do once I’ve spotted a phishing scam? 

The first and most important step is recognizing that an email is fake and part of a criminal’s phishing expedition. If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible.   

If the email came to your personal email address, don’t do what it says. Do not click on any links – even the unsubscribe link – or reply to the email. Just delete it entirely. Remember: don’t click on links, just delete.   

You can take your protection a step further and block the sending address. Here’s how to: 

• Block a sender on Outlook. 
• Block a sender on Gmail. 
• Block a sender on Mac Mail. 
• Block a sender on Yahoo! Mail. 

Aldrich’s Advice: If you suspect an email is phishing for your information, report it quickly. If the phishing message came to your work email, let your IT department know ASAP.  

Here’s how to: 

• Report a phish on Outlook. 
• Report a phish on Gmail. 
• Report a phish on Mac Mail.

While maintaining a secure network and environment can seem daunting, investing in cybersecurity is crucial to growing and building your organization. If you have questions about cybersecurity or need help managing your business’s security requirements, fill out the form below to contact our expert, Kathel Kelton, CISSP.