The numbers are staggering, and frightening.
- A ransomware attack occurs every 11 seconds. In fact, 60 percent of companies have experienced a ransomware attack in the past year, and their average down time was six days.
- One in every 6,000 emails contains suspicious URLs, including ransomware.
- The number of malicious emails being sent is up 600 percent.
- 560,000 new pieces of malware are detected every day.
The costs can be equally as staggering. According to research from the Center for Strategic and International Studies and security vendor McAfee, estimated global losses from cyber crime hit $1 trillion in 2020, which was double the losses of 2018. A year later, those losses increased about six-fold, to an estimated $6 trillion. The average cost of a data breach for companies with fewer than 500 employees is just under $3 million.
What’s at stake? Not much, really — just your organization’s reputation, interruptions to your ability to conduct business, your going concern, our country’s economic stability, and possibly even our national defense.
And given our shift to remote work, this is no longer something that only business leaders need to worry about. Everyone, from the top to the bottom of your organization, is responsible for cybersecurity.
So what can we — as organizations, as leaders, as individuals — do to keep our businesses safe?
Quite a bit, actually.
So says Clar Rosso. The CEO of global cybersecurity association (ISC)2, Rosso offered a list of 10 cybersecurity steps business leaders can take to protect their organizations during a session at the recent DigitalNow Conference in Nashville. There’s a little something in here for everyone. Take a look. And for more cybersecurity tips and tricks, listen to my recent conversation with Rosso for our “Future-Proof” podcast.
1. Lock down endpoints. This is especially important for your remote workforce. Securing mobile devices, and implementing safety measures like antivirus solutions, URL filtering and blocking, and email scanning are all ways of protecting your remote assets from nefarious elements.
2. Enable “least privilege access.” This means restricting administrative rights, requiring admins to install new applications, and “turning off this kind of access when employees leave or no longer need it,” Rosso said.
3. Patch. Installing routine updates from software vendors can help remove bugs that could otherwise be exploited by cyber attackers. “Installing these patches in a timely fashion is important in limiting points of vulnerability,” Rosso said.
4. Stop “shadow IT.” Remote workers often download non-approved applications which can expose your organization to dangerous vulnerabilities. “Good application management practices can ensure that only approved programs are being used with proper oversight from a security professional,” Rosso said.
5. Mandatory VPN. Virtual private networks add a crucial layer of security by creating secure Internet connections to other networks via encrypted data and hidden IP addresses. “In a remote work environment,” Rosso said, “this is a key tool for small businesses to use when communicating with their employees and partners.”
6. Backup and recovery. One of the best defenses against data loss and cyberattacks is to regularly conduct all-encompassing backups of all systems. “In the event of a cyber incident,” Rosso said, “small businesses that frequently back up their data have the option to simply roll back to the last uninfected backup for a given system, limiting the loss of data and the time, cost and expertise needed to recover.” Don’t forget to train remote employees how to back up their data and — equally important — how to recover uninfected data from a backup.
7. Wi-fi security. The wi-fi network in your workplace should be secure, encrypted, and hidden so that it does not broadcast its service set identifier (or SSID) to the world. Your remote workers will be using consumer-grade Internet connections routers. Studies show that one in 16 home wi-fi routers still use the manufacturer’s default admin password, making them vulnerable to hacking At the most basic level, Rosso said it’s critical that they change default passwords on their home routers.
8. Fight phishing. The top cybercrime in 2020 according to the FBI, phishing scammers send fake emails designed to trick readers into sharing their personal information. These emails often look authentic, but they frequently leave clues as to their criminal intentions. Rosso said organizations should establish clear policies on acceptable email use. Meanwhile, staff should be trained on how to spot phishing emails and bad links, and to report any suspicious emails to organization leaders.
9. Better passwords. These are your organization’s weakest cybersecurity link. “For the sake of convenience, it is tempting to reuse passwords, share passwords between users, and even document them in one place such as a sticky note,” Rosso said. “However, to avoid falling victim to an avoidable cyberattack, it is imperative that all passwords are unique, complex, and kept private.” The use of a password management tool like 1Password or LastPass can help your staff easily create, store, and recall secure passwords.
10. Staff up. Assess the cybersecurity IQs of your team members, then focus on the non-technical solutions they can easily implement first before training them on the more technical security aspects. Continuously explore your technology options — particularly if you are a small business with limited resources.