8 ways to protect your business from cybersecurity risks
With the Coronavirus raging across the United States, small businesses must be extra vigilant with regards to cybersecurity risk. Cybercriminals are using COVID-19 themed phishing schemes to trick employees into opening malicious malware links and attachments. Hastily created remote working environments are creating new security risks for company networks that are being connected to potentially untrustworthy home computers, devices, and employee home networks.
Unfortunately, this pandemic does not look like it will be going away anytime soon. We must assume that both cybercriminals and nation-states will escalate attacks in both velocity and sophistication.
While company resources are already stretched thin in response to this unprecedented business threat, you must consider the following actions to protect your business:
- Employee awareness is critical. Even in normal business environments, employees are often the cybersecurity “weak link.” At a minimum, remind employees of the heightened cybersecurity risk and inform them how you will communicate COVID-19 information to them. Employee awareness will reduce employee susceptibility to deception.
- Recognize that remote Desktop protocol, which connects computers over a network, are being targeted. Consider procedures that minimize this risk.
- Immediately implement two-factor authentication. This is a low-cost and very effective security strategy!
- Consider encryption technology in general, but especially for personally identifiable information (PII).
- Develop a strategy to secure and monitor cybersecurity risks of remote staff. There are many inexpensive monitoring services available.
- Create an incident response plan to follow during a cyber crisis. Studies have shown companies that follow an incident response plan during a cyber event fare significantly better than those without a plan.
- Consider cybersecurity insurance; make sure it covers ransomware.
- Join an Information Sharing and Analysis Organization (ISAO) to receive up-to-date and curated cyber threat intelligence. By understanding the threats, your organization will be in a better position to defend itself.