As hackers have grown more experienced over the years, businesses have had to increase their cybersecurity measures. The ongoing coronavirus pandemic leaves businesses more vulnerable than normal. Businesses are having to conduct all of their business online. Some are having a harder time contacting their local banks, credit unions, and even credit card companies. This makes fraud even more likely, because so many businesses are down and out and focusing on other things. Here are a few tips to ensure your business stays safe online during the COVID-19 pandemic.
1. Creating and Enforcing Password Policies
Like banks, credit unions, and other financial institutions, your firm should make it a high priority to create and enforce password policies. Whether logging into the company’s bank accounts or into your own personal account with the company, you and your team have to make sure that the passwords are strong. For example, making sure employees choose unique passwords that contain numbers, letters, and special characters gives your business a higher probability of staying safe. These passwords should be no shorter than 10 characters. Also, consider using a password manager for this process. Having employees write down passwords and store them on their own devices also poses a threat to your business.
2. Multi-factor authentication
Also known as two-step verification, multi-factor authentication asks another question rather than just having you put in your password. Usually, this question and answer are set up beforehand. For example, a few questions may be “What was the name of your first pet?” or “What is your mother’s maiden name?”. These types of questions can help ensure security when logging on from different locations. Banks and companies like Amazon will also send a text or call verification to the phone on file. In the end, the more steps there are, the more secure your business will be.
3. Backups
Backups allow your business to recover critical data in the event of a hack, whether it be ransomware or other malware. Make sure that your business frequently tests its backups and ensures that the critical data in them is up to date. There is no worse feeling than having all of your data deleted just because you decided not to do your due diligence. It could end up costing you and your company tons of money if a backup policy is not implemented.
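One way to test a backup as the paragraph above recommends, shown as an added example that is not part of the original article: it writes an archive together with a SHA-256 manifest, reads every file back out, and reports when the backup no longer matches the live data. The function names, file names and sample records are constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def build_manifest(source: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(source).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in source.rglob("*") if p.is_file()}


def make_backup(source: Path, archive: Path) -> dict:
    manifest = build_manifest(source)  # taken at backup time
    with tarfile.open(archive, "w:gz") as tar:
        for name in manifest:
            tar.add(source / name, arcname=name)
    return manifest


def verify_backup(archive: Path, manifest: dict) -> list:
    """Read every file back out of the archive and compare it with the manifest."""
    found = {}
    try:
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar:
                if member.isfile():
                    data = tar.extractfile(member).read()
                    found[member.name] = hashlib.sha256(data).hexdigest()
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return [f"archive unreadable: {exc}"]
    return sorted(f"{'missing' if n not in found else 'differs'}: {n}"
                  for n in manifest if found.get(n) != manifest[n])


def run_demo() -> dict:
    """Constructed sample data standing in for a business's critical records."""
    with tempfile.TemporaryDirectory() as tmp:
        source, archive = Path(tmp, "critical"), Path(tmp, "backup.tar.gz")
        source.mkdir()
        (source / "customers.csv").write_text("id,name\n1,Example Co\n")
        (source / "ledger.txt").write_text("2020-04-01 opening balance\n")
        fresh = verify_backup(archive, make_backup(source, archive))
        # Live data changes after the backup ran, so the backup is now out of date.
        (source / "ledger.txt").write_text("2020-04-02 new entry\n")
        (source / "payroll.csv").write_text("id,amount\n")
        return {"fresh": fresh, "stale": verify_backup(archive, build_manifest(source))}
```

An empty list means every file read back intact; any entry is a reason to rerun the backup before it is needed.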
4. Making sure both software and firmware are updated
Because older computer software is more vulnerable to attacks, updating it frequently helps ensure your business’s safety. Updates called patches fix the flaws in the software. For your business, don’t only make sure that patches are applied promptly but also make sure that the software itself is kept up to date. Make sure the firmware is updated as well.
5. Secure your Wi-Fi
Hackers like to tap into your Wi-Fi to gain control of the network and hack into your business that way. To protect against this, make sure that all of the data that passes over it is encrypted. I would recommend using WPA2 to ensure encryption, but use WPA3 if you can. As with the password policies earlier, change the default password of the Wi-Fi to a stronger one and create a policy for that as well. In the end, ensure that your Wi-Fi cannot be accessed while outside of the network.
6. Implementing a Robust Firewall
Implementing a robust firewall is probably one of the most important steps, if not the most important, in ensuring your business’s safety. If you don’t know what a firewall is, it is basically something that sits between your network and your business organization. It authorizes who can see stored business data and who cannot. Make sure that your business spends the extra dollar for a secure, top-notch firewall. The reason this is so important right now is that the firewall also has to protect those who are working from home. In the end, a superior firewall will make it much harder for hackers to gain control of valuable business information.
7. Monitor what you post
This is probably the biggest thing outside of your organization. Because of this, it is often the hardest to monitor. However, make sure that there are policies in place that tell workers what they can and can’t say about the company, especially on the internet. Once the information is out there, it is out there for good, and having no idea where it could end up is dangerous. All in all, ensure that workers won’t post any critical business information that could end up hurting the company, both financially and reputation-wise.
8. Have a web filter
Web filters protect the business against phishing attacks and malware. A web filter notifies the user whether a website is safe to visit or not. Make sure that your business installs a DNS-based web filter, since these provide protection while working from home. If you can’t, really any web filter will do the trick. Also, train your employees on what to do when they come across an attack. Tell them to always notify the company to ensure that the proper action is taken. A web filter can also block workers from visiting sites that may not be productive or work-related.
9. Security Awareness Training
This was somewhat highlighted in the above paragraph, but I feel that it needs its own section. All workers need to know how to handle a security threat. Whether it is email phishing, a trojan horse, worms, a virus, spyware, or any other type of malware, they need to know the proper protocol. Teach them how to create passwords, how to protect their personal phones, and how to handle sensitive data.
If all of the above steps are put into place, you will make it tremendously harder for hackers to gain critical data from your company and use it to their own advantage.