2022 has been a busy year for cybersecurity issues, and October is no different. However, this is the month that we all try to drum up awareness about a variety of cybersecurity issues—and what can be done about them.
Before we get into that, let’s take a quick look at the history of Cybersecurity Awareness Month, along with a few stats that might help you appreciate it even more.
A Brief History of Cybersecurity Awareness Month
In 2012, the National Security Agency (NSA) created an initiative called “Cybersecurity Awareness Month” as part of its efforts to raise public awareness about cyber threats. The NSA also released a video featuring President Obama talking about cybersecurity.
The following year, the Department of Homeland Security (DHS) launched its own campaign, which was focused on educating people about how to protect themselves from online scams.
In 2014, DHS partnered with the Federal Trade Commission (FTC), the FBI, and other federal agencies to launch the first-ever National Cybersecurity Awareness Week.
In 2015, the White House announced that Cybersecurity Awareness Week would be held every April.
In 2016, the White House announced a new partnership between the US government and private sector to create a joint effort to educate Americans about cybersecurity.
In 2018, the White House announced yet another partnership with private industry to encourage businesses to adopt best practices to improve their cybersecurity posture.
Cybersecurity Awareness Statistics
Now that you know a little bit about the history of Cybersecurity Awareness Month, here are some interesting statistics behind the awareness effort:
- According to the Center for Strategic & International Studies, there were over 1 billion data breaches last year alone. That means that nearly one out of every ten companies experienced a data breach.
- There have been over 2 million reported data breaches since 2009.
- According to the Ponemon Institute, the average cost of a data breach is $3.86 million.
- In addition to these numbers, the FTC reports that consumers lost over $1 trillion due to identity theft in 2017.
- And according to the Identity Theft Resource Center, the number of victims of identity theft increased by 9% in 2018.
This year, we’re posting a cybersecurity tip daily on our social channels, and in this blog post we will look at the 31 cybersecurity tips you can use to make your business safer.
Tip 1: Train All Staff Members on Cybersecurity Routinely
It’s important to train all of your staff members on cybersecurity regularly for a few reasons. First, it helps them be more aware of potential cyber threats. Second, it gives them the skills and knowledge they need to respond properly to an attack. And third, it shows that you as a business owner are taking the issue seriously and are committed to protecting your employees.
There are a few ways you can go about this training. You can hold regular meetings or workshops, send out monthly emails with tips and reminders, or post information in common areas like the break room or kitchen. Whatever method you choose, make sure that everyone in your business knows how to protect themselves from online attacks.
Tip 2: Use Strong Passwords that are Easy to Remember and Hard to Guess
As we mentioned earlier, it’s important to train your staff on cybersecurity. However, that’s only part of the equation. Equally important is creating strong passwords that are easy to remember but hard to guess.
To create a strong password, make sure that it:
- Contains at least 8 characters (including letters and numbers)
- Contains special characters (e.g. !@#$%^&*()_+~)
- Is different from any other passwords you use on other websites or apps
- Is not built from easily guessable words like your name or address
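The checklist above expressed as a small checker. This is an added example, not part of the original post; the function names, the sample passwords in the test and the idea of passing in your other passwords and personal words as lists are assumptions made for illustration.

```python
import string

# Common character swaps undone before searching for personal words,
# so "J0hn" is still recognised as "john".
LEET = str.maketrans("013457@$!", "oleastasi")


def normalise(text):
    """Lower-case, undo simple substitutions, keep only the letters."""
    folded = text.lower().translate(LEET)
    return "".join(ch for ch in folded if ch.isalpha())


def password_problems(candidate, personal_words=(), other_passwords=()):
    """Return the checklist items the candidate password fails.

    personal_words:  names, street names and similar guessable facts
    other_passwords: passwords already in use on other sites or apps
    """
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    if not any(ch.isalpha() for ch in candidate):
        problems.append("no letters")
    if not any(ch.isdigit() for ch in candidate):
        problems.append("no numbers")
    if not any(ch in string.punctuation for ch in candidate):
        problems.append("no special characters")
    if candidate in other_passwords:
        problems.append("already used on another site or app")

    # Guessable-word check: compare letter-only, substitution-folded forms.
    flat = normalise(candidate)
    tokens = [tok for entry in personal_words for tok in entry.split()]
    for token in tokens:
        folded = normalise(token)
        # Very short fragments (house numbers, initials) match too easily.
        if len(folded) >= 3 and folded in flat:
            problems.append(f"contains guessable word: {token}")
    return problems


if __name__ == "__main__":
    # Constructed sample input.
    print(password_problems("J0hn!2022", ["John Smith", "12 Elm Street"]))
```

A password can satisfy the length and character rules and still fail the last check, which is why the guessable-word test runs on a folded copy of the password rather than the raw string.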
Tip 3: Properly Dispose of Electronic Media
Electronic media can be a valuable tool for businesses, but it’s also a source of cyber threats. Make sure to properly dispose of electronic media when you no longer need it, and don’t store any sensitive information on your computer or mobile device. Electronic media includes everything from laptop computers to USB drives.
Before disposing of electronic media, make sure that it is securely wiped by deleting all of its data and files. Then, shred the media to avoid any potential cyber threats.
Tip 4: Use Encryption to Protect Data and Minimize Breaches
One of the most important steps you can take to protect your data and minimize breaches is to use encryption. Encryption scrambles data so that it can’t be read by unauthorized individuals. This helps to protect your data from being stolen or hacked, and it also helps to keep your business confidential.
There are a few ways you can encrypt your data. You can use a password-protected file, encrypt all of your data with a certain algorithm, or use a security program to encrypt your files automatically.
Encryption is an important step in cybersecurity, and it’s one that you should take seriously.
Tip 5: Back Up Your Data Regularly
One of the most important things you can do to protect your business from cyberattacks is to back up your data regularly. This means copying important files to a safe location, such as an offsite storage facility or an external hard drive. If something happens and your main data is destroyed, you’ll still have a backup.
Backups should be updated on a regular basis, and you should also test them to make sure they’re working properly.
Tip 6: Test Your Data Backups to Ensure They’re Working as Expected
Testing your data backups is an important part of cybersecurity. Not only do you want to make sure that your backups are working as expected, but you also want to make sure that they’re current. By testing your backups, you can identify any issues early and fix them before they cause major problems.
Test your backups by restoring a recent backup to a different computer or device.
Tip 7: Ensure You Patch Your Operating Systems and All Applications
When it comes to cybersecurity, patches are your best friend. Patches fix known security vulnerabilities in your operating systems and applications, and they are usually released as soon as those vulnerabilities are discovered. In order to stay safe, make sure that all of your systems are up to date with the latest patches.
There are a few ways you can keep track of which patches have been released and installed on your systems. You can use software like Microsoft’s System Center Configuration Manager or Apple’s MacOS X Software Update. Or you can manually check for updates by visiting the websites for the applications and operating systems you use.
Tip 8: Use Multi-factor Authentication
Multi-factor Authentication (MFA) is a security feature that requires you to enter something more than just your username and password when logging into your account. This can include something like a code sent to your phone, a one-time code you receive after registering for an account, or a biometric scan such as a fingerprint.
Using MFA can help protect your account from unauthorized access. And it can also help keep your data safe if someone does manage to get access to your account.
There are a few ways you can set up MFA on your account. You can use third-party services like Google Authenticator or Duo Security, or you can set it up yourself using an app like Two-Factor Authentication for Gmail.
Tip 9: Ensure You Have Cyber Insurance to Respond & Recover from a Data Breach
A data breach can be devastating for your business. Not only can it lead to lost customers and revenue, but it can also put your employees at risk. That’s why it’s important to have cyber insurance in case of a data breach.
A data breach can happen in a variety of ways, and insurance doesn’t cover every possible scenario. However, many policies do include coverage for the cost of responding to a data breach, as well as the costs of restoring customer trust and rebuilding confidence in your brand.
Having cyber insurance is an important step in protecting your business from potential damage. Make sure to research different policies and find one that meets your needs and complies with all applicable state and federal laws.
Tip 10: Remove Unused Apps to Eliminate Vulnerabilities
Unused apps can be a security vulnerability for your business. By removing unused apps, you reduce the number of potential cyber threats. And by making sure that all of your apps are up-to-date, you reduce the number of vulnerabilities in your business.
To remove unused apps, go to the App Store or Google Play and search for “app removal.” Once you find an app you no longer need, tap on its icon and then tap on “remove.” You will then be prompted to confirm the removal.
Tip 11: Use Trusted Anti-Virus and Anti-Malware Software
Make sure to use trusted anti-virus and anti-malware software on your computer. These programs help protect your computer from viruses and other cyber threats. Make sure the software is up to date, and install it on all devices that access your computer – even your work laptop.
Tip 12: Be Aware: Don’t Overshare on Social Media
Like most of us, your business probably uses social media to connect with customers and grow its reach. But be careful with how much information you share on social media. For example, don’t post personal information like your address or phone number.
When posting information on social media, make sure that you are using secure methods like passwords and encryption. And be sure to keep all of your social media posts up to date, especially if there is new information about a cyber threat affecting your business.
Tip 13: Have a Mobile Device Action Plan
Your business might rely heavily on mobile devices for work. But that doesn’t mean you can take them for granted. Make sure to have a Mobile Device Action Plan in place to protect your business from cyber threats. This plan should include policies on who has access to mobile devices, how they are used, and where they are stored. It should also include policies on device security, data storage, and backups.
The best way to create a Mobile Device Action Plan is to start with the basics and build from there. This will give you a good idea of what needs to be included in your plan and help you prioritize the most important issues.
Some of the basics of a Mobile Device Action Plan include:
- Setting up a password policy
- Requiring user training on device security
- Restricting access to certain areas of the business through mobile devices
Tip 14: Regularly Audit Systems to Identify Anomalies
Regularly auditing your systems for anomalies can help identify potential cyber threats. This includes checking for signs of unauthorized access, malware infection, or other issues. By doing this, you can avoid any major disruptions or data losses that could result from a cyberattack.
One way to audit your systems is to use software that provides real-time alerts when there are changes or abnormalities on your systems.
Tip 15: Stay Updated on Current Threats
It’s important to stay up to date on the latest cyber threats. This means not only being aware of new threats, but also being able to respond quickly when a threat is identified. There are a number of ways you can do this. You can subscribe to security alerts from the companies behind your antivirus software or firewalls, read industry journals and blog posts, or follow specific cybersecurity channels on social media.
Even if you’re not sure how to respond to a specific threat, staying up-to-date will help you avoid potential problems down the road.
Tip 16: Beware of Malvertising
Malvertising is a type of cyberattack in which malicious ads are served up on popular websites. These ads can infect your computer with malware, leading to loss of data, infection of your computer with viruses, and even theft of confidential information.
Be especially careful about clicking on links in emails and advertisements. Always use caution when browsing the web, and be sure to install the latest security updates for your browser and operating system.
Tip 17: Document Policies and Procedures
Documenting your policies and procedures will help you keep track of changes, and it will make it easier for you to respond to a cyberattack. Documenting your policies and procedures can be done in a variety of ways, including writing them down, creating drawings or diagrams, or recording video or audio interviews.
An example of documenting your policies and procedures would be documenting how you handle data breaches. By knowing how you respond to a data breach BEFORE a breach happens, you can ensure that your business is taking all necessary precautions AND can respond to a breach quickly.
Whatever method you choose, make sure that all of your employees are aware of your policies and procedures and know how to respond if a cyberattack occurs.
Tip 18: Work With a Trusted Vendor
One of the best ways to protect your business from cyberattacks is to work with a trusted Managed Service Provider (MSP). A well-known and reputable MSP will have a robust cybersecurity program in place and will be able to provide you with the support you need. Working with a trusted vendor can also help you avoid costly cyberattacks.
There are a few things you should look for when choosing an MSP. First, make sure that the company has a strong cybersecurity program. Second, make sure that the vendor has been in business for a long time and has a good reputation. And finally, make sure that the MSP has appropriate licensing and certifications.
Working with a trusted MSP can help protect your business from cyberattacks and save you money in the process.
Tip 19: Keep Your Web Browsers Updated
Keeping your web browsers up-to-date is one of the easiest ways to protect yourself from cyberattacks. Most browsers have automatic updates that will help you protect yourself from new cyber threats as they emerge. Plus, updates often fix existing security vulnerabilities.
Make sure to update your browsers regularly – especially if you’re using a public computer or network. And be especially vigilant when using insecure connections, such as Wi-Fi hotspots and airport networks.
Tip 20: Avoid Connecting to Unsecured Wi-Fi Networks
Many businesses rely on Wi-Fi to connect to the internet. However, connecting to unsecured Wi-Fi networks is a risky proposition. Not only are these networks less secure, but they’re also susceptible to cyberattacks.
To avoid this risk, always choose a secure Wi-Fi network when available. And if you do have to connect to an unsecured Wi-Fi network, be sure to use a security measure like a Virtual Private Network (VPN).
You can tell if you’re using a secure Wi-Fi network by looking for the security logo. It should appear in the form of a padlock or a lock icon in your browser.
Tip 21: Don’t Plug Unknown Devices into Your Computer
This sounds pretty obvious, but it happens. For example, the “USB Killer” attack infected thousands of devices by replicating itself when users plugged in untagged USB drives.
If you’re not sure whether a device is safe to plug into your computer, don’t use it! Unknown devices may contain malicious software and could potentially infect your computer. Instead, check with the manufacturer or distributor of the device to see if it’s safe to plug it in. If not, simply remove the device from your computer.
You can also use a security tool like anti-virus software to scan for malicious software before you connect any new devices to your computer.
Tip 22: Confirm Requests Via Multiple Lines of Communication
When an employee requests access to your business information, make sure to confirm the request via multiple lines of communication. This way, you can be sure that the request is legitimate and not a malicious attack. You can use security features in your email client to do this or you can contact the employee’s supervisor for verification.
One way to confirm requests is to use an email security feature called “anomaly detection”. This feature uses data from the employee’s profile (such as their login information) to confirm that they are who they say they are.
Tip 23: Be Proactive in Your Compliance & Cybersecurity
Being proactive in your compliance and cybersecurity strategy means being aware of potential cyber threats and taking steps to protect yourself and your business. Here are a few things you can do to be proactive:
- Hire a qualified Cybersecurity Consultant to help you identify and address any cyber threats.
- Create a cybersecurity policy that outlines what is expected of your employees and how you will respond if they violate the policy.
- Install antivirus software on all devices used by employees, including personal computers, tablets, and phones.
- Keep up to date with the latest security patches for your devices and software.
- Monitor social media for any suspicious activity related to your business.
Being proactive doesn’t mean sitting back and waiting for someone to attack your business; it means taking steps to protect yourself before an attack even happens.
Tip 24: Monitor Your Credit & Financial Statements
It’s important to monitor your credit and financial statements regularly for a few reasons. First, you want to make sure that your business is stable and has no major financial issues. Second, you want to be aware of any cyber threats or vulnerabilities that could lead to a cyberattack. And finally, if there is ever a problem with your business, you’ll be able to track down all of the information quickly and easily.
There are a few ways you can go about monitoring your credit and financial statements. You can use online resources like Credit Karma or Mint, or consult with an accountant or financial advisor. Whichever method you choose, make sure that you are keeping track of all of your business’s finances.
Tip 25: Perform Vulnerability Scans & Penetration Tests
A vulnerability scan is a quick and easy way to identify any potential cyber threats. A vulnerability scan checks your website for outdated software, vulnerabilities, and security flaws. This type of scan is especially important for small businesses that may not have the resources to properly patch or secure their website.
A penetration test is a more comprehensive cybersecurity test that simulates an attack on your business. A penetration test can help you find and fix any weaknesses in your cybersecurity system.
Both vulnerability scans and penetration tests are relatively affordable and can be done quickly by a qualified third-party contractor.
Tip 26: Have a Disaster Recovery Plan in Place
A disaster recovery plan is important for businesses of all sizes. It helps to ensure that your business can keep operating during a cyberattack, and it can also help you to restore your business if something happens that causes damage.
There are a few things you need in order to have a successful disaster recovery plan. First, you’ll need to identify your critical systems and data. Second, you’ll need to create backup copies of these systems and data. And third, you’ll need to establish procedures for restoring your critical systems and data in the event of a cyberattack.
Creating a good disaster recovery plan takes time and effort, but it’s worth it for the peace of mind it provides.
Tip 27: Review Access Controls Regularly
It’s important to review access controls regularly, ensuring that everyone who needs access to your business information is authorized and has the appropriate permissions. This includes employees, contractors, and visitors.
To review access controls, you can use a variety of security software or checklists. Whichever method you choose, make sure that you are checking for changes and making any necessary adjustments.
Examples of changes include adding or deleting users, changing passwords, and adding new security layers to your website.
Tip 28: Perform a Data Audit
A data audit is a great way to make sure that your business’s cybersecurity is up to par. A data audit includes a review of all of your company’s data assets, from computers and servers to databases and files. This review can help you identify any potential cyber threats, and it can also help you protect your data from unauthorized access.
There are a few ways to conduct a data audit. You can:
- Hire a professional consultant with expertise in data auditing, or
- Research, purchase, and learn to use the best auditing software for your IT environment
We don’t advocate for an internally employed auditor, since a true and trusted audit will be done by someone who doesn’t have a stake in the data or the company.
Whatever method you choose, make sure that you follow the guidelines and recommendations put forth by a professional auditor.
Tip 29: Always Lock Your Devices
It’s important to always lock your devices when you’re not using them, especially if they’re in the office or near other sensitive areas. This way, no one can access your device without your permission. You can use a password or PIN code, or create a security token for mobile devices.
When you’re not using your device, make sure to put it in “sleep” mode and disable all personal data access. This will reduce the chances of someone snooping around on your device without your permission.
Tip 30: Think Before You Click
Before you click on any links or open any attachments in emails, make sure that you assess the potential security risks. There are a lot of scams out there and many of them involve malicious emails with fake links or attachments. Be especially careful about emails that seem to come from well-known organizations like your bank or the government.
If you decide that the email is safe to open, be sure to scan it for viruses and malware before opening it. And if you do open it, be sure to keep an eye on your computer screen while you’re working on it so that you don’t fall victim to a cyberattack.
Tip 31: Delete Old Accounts That You No Longer Use
It’s important to regularly delete old accounts that you no longer use. This helps to keep your online footprint clean, and it prevents other people from accessing your personal information or stealing your passwords.
To keep track of which accounts you should delete, use a password manager or a social media monitoring tool. Both of these tools can help you identify and delete old accounts automatically.
Cybersecurity is not just something you should think about during this month; it should be a year-round focus.
If you’re interested in assessing your current cybersecurity—and would like a detailed Action Plan, contact us today!