As ransomware and phishing attacks continue to increase, many Maryland businesses may feel there isn’t much they can do. However, by following a few basic best practices, your business can dramatically reduce the chance of a successful cyberattack. Here are three tips you should enact today.
Cybersecurity Must Be a Priority
While it is common for smaller businesses to feel they aren’t a target, the reality is, even small Maryland businesses are not exempt from being targeted by cybercriminals. We always hear about the larger organizations getting hit by attacks, but it’s less likely that a smaller business will receive the same press coverage. Cybercriminals rely on your complacence, and they know that smaller businesses are a valuable target.
Cybercriminals know smaller businesses often don’t follow best practices or have the solutions in place to prevent or mitigate attacks. The question is often “where do I start?”
Here are three easy-to-implement strategies that all Maryland businesses should work with their IT provider to enact now.
1. Use 2FA as Your Early Warning System
When properly utilized, 2FA (Two-Factor Authentication) can be an essential safeguard against your account being compromised. While we have discussed the technical aspects of 2FA previously, here is a brief primer: 2FA relies on using a combination of steps beyond your password to verify your identity. It usually requires a user to not only know their password, but to have their mobile device on hand to prove that they are who they say they are. 2FA is a powerful deterrent, and one of your best lines of defence when it comes to protecting online accounts and securing sensitive information. It adds an extra step for the end-user, but enabling 2FA is worth the hassle.
You’ll want to train your staff to question 2FA alerts that they didn’t anticipate. An unexpected alert can be an indicator that someone who shouldn’t be there is trying to get into an account. If a user gets a 2FA notification when they weren’t trying to log in, they need to report it to IT right away to prevent further issues.
2. Take Advantage of Password Management
Once 2FA has been enabled everywhere possible, it’s time to examine your password policy and conduct an audit. You may find that your team members aren't using strong passwords, or worse, are reusing passwords.
As the name suggests, password managers are designed to help your team better manage their passwords. Password managers are useful because they make it much easier to use secure, unique passwords across multiple devices.
Weak passwords are a huge threat to your data security. If your team is responsible for a password, they will make one they can easily remember. This usually means it’s easy to crack. A password manager removes this vulnerability because your team doesn't have to create passwords they need to remember; the password manager does it for them. Moreover, you can configure the application to generate passwords that follow your business's best practices.
The final and arguably most important tip you should embrace is investing in the training of your team. While 2FA and password management are essential tools, they can be overcome if your team isn’t trained to recognize when they are under attack. There’s a reason why phishing and other social engineering attacks are the preference for the cybercriminal. They work, and it’s not an exaggeration to note that a lack of security training puts businesses at risk.
Social engineering isn’t going away. It’s designed to co-opt your team, allowing a bad actor to convince an employee to bypass 2FA or other security protocols. By training your team to recognize a cyberattack, you increase the chances that they will sound the alarm. This is critical because the sooner your IT department can take mitigation steps to isolate and prevent the attack from gaining a foothold, the better it will be for you.
When thinking about cybersecurity, it is valuable to note that most breaches (in the range of 91 percent) start out as a phishing attack. To develop an effective anti-phishing campaign, your best bet is to invest in giving your team the skills and tools to prevent their credentials from becoming compromised in the first place.
Maryland Businesses: Don’t Give Up on Cybersecurity
At Dresner Group, we know cybersecurity can sometimes seem like a daunting task, mostly because the news is continuously filled with ransomware attacks, phishing attacks, and high-profile cases that seem so far away from your station. Many businesses think they are done when they deploy a firewall or renew their antivirus, but the reality is the majority of attacks are due to human error.
Cybersecurity doesn’t have to be an unattainable goal or one which requires complicated processes in place. We can audit your network and help you make immediate improvements to prevent attacks and other threats. In the long run, this can save your business time and money, and keep you productive and out of harm’s way.
Dresner Group is committed to protecting your business, your staff, and your customers. Visit our cybersecurity page or call 410-531-6727 today to schedule a cybersecurity audit or to discuss your concerns.