Over the years, we have all been mistakenly led to believe that hackers mainly target large companies and government agencies because of the sheer volume of valuable data in their possession. While large organizations are still a viable target, according to a recent report in Forbes magazine, small businesses are actually three times more likely to be targeted by cybercriminals than larger organizations.
The shift in tactics by hackers to small businesses is troubling but should not be surprising. In recent years, large organizations have allocated significant budget dollars and time to help protect their networks from cyberattacks. These proactive measures have given large organizations the tools to respond and recover should an incident occur, plus they’ve made it much more difficult for cybercriminals. Hackers are now finding the ‘path of least resistance’ to be small and medium-sized organizations—many of which are family owned and operated.
The good news is that there are some simple steps we can take to better protect ourselves, our loved ones, and our businesses from cybercriminals.
1. FOLLOW GOOD PASSWORD PRACTICES
Poor password practices significantly increase the risk of successful cyberattacks and data breaches. According to a recent study in Security Magazine, data breaches involving compromised passwords increased 200% year-over-year. To protect ourselves, our families, and our businesses, it’s important to understand what we should and should not be doing when it comes to passwords:
Create a complex password: A complex password consists of a combination of upper-case and lower-case letters, numbers, and special characters ($, %, #, @, etc.) and has a minimum character length of 9-14 characters. Cybercriminals are always looking for easy entry, but a complex password is very difficult for them to crack.
Do not re-use passwords: It's important that we do not use the same password on multiple sites. Cybercriminals buy login credentials from previous data breaches. Once they have your email address, they will try to use the password they bought to log in to your other accounts. If you are using the same password on multiple sites, the likelihood of a hacker accessing one of your other accounts increases significantly.
Change your password(s) every 90 days: Most software applications allow you to enforce a rule that requires a password change at a regular interval. The more often you do this, the better. Changing your password at a regular interval makes it much less likely that a hacker who has purchased compromised email addresses and passwords will be able to use them to log into your accounts.
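The three rules above (complexity, no re-use, 90-day rotation) can be checked together against a list of accounts. The following is an added example, not part of the original article; the inventory format, its field names, and the choice of 9 as the minimum length (the low end of the 9-14 range) are assumptions.

```python
import string
from collections import defaultdict
from datetime import date

MIN_LENGTH = 9      # assumption: low end of the article's 9-14 range
MAX_AGE_DAYS = 90   # rotation interval recommended in the article

def complexity_gaps(password, min_length=MIN_LENGTH):
    """Return the complexity requirements this password does not meet."""
    checks = {
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
        f"at least {min_length} characters": len(password) >= min_length,
    }
    return [name for name, ok in checks.items() if not ok]

def audit(entries, today):
    """Map each site to its findings: complexity gaps, re-use, and age."""
    sites_by_password = defaultdict(list)
    for e in entries:
        sites_by_password[e["password"]].append(e["site"])
    report = {}
    for e in entries:
        findings = [f"missing {gap}" for gap in complexity_gaps(e["password"])]
        shared = [s for s in sites_by_password[e["password"]] if s != e["site"]]
        if shared:
            findings.append("reused on " + ", ".join(sorted(shared)))
        age = (today - e["changed"]).days
        if age > MAX_AGE_DAYS:
            findings.append(f"last changed {age} days ago")
        report[e["site"]] = findings
    return report

# Constructed sample inventory (hypothetical field names, not real credentials).
SAMPLE = [
    {"site": "email",   "password": "Summer2023",     "changed": date(2024, 1, 10)},
    {"site": "banking", "password": "Summer2023",     "changed": date(2024, 5, 1)},
    {"site": "payroll", "password": "r7#Vq!m2Lz@p9K", "changed": date(2024, 4, 20)},
]

if __name__ == "__main__":
    for site, findings in audit(SAMPLE, today=date(2024, 6, 1)).items():
        print(site, "->", findings or "ok")
```
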
2. SECURE YOUR WI-FI
As more of us are working from home, it’s important to make sure that our Wi-Fi is set up properly and securely. Below are a few simple steps you can take to better secure your Wi-Fi.
Your Wi-Fi name: Make sure your Wi-Fi name does not convey any information about your company or yourself (company name, company location, family name, etc.). Hackers are always searching for available Wi-Fi networks near their location. We do not want them to know which Wi-Fi signals belong to us or our company.
Create a strong password: The password for our Wi-Fi network should be as strong as the passwords recommended above for accessing our accounts. Therefore, a Wi-Fi password should consist of a combination of upper-case and lower-case letters, numbers, and special characters ($, %, #, @, etc.) and have a minimum character length of 9-14 characters.
Turn off name broadcasting: Name broadcasting allows nearby users to see which Wi-Fi networks are available in their area. Disabling name broadcasting keeps your Wi-Fi invisible to the public (and hackers). The name of your Wi-Fi can be provided to trusted users when they need to access it. Once the trusted user has the name of the Wi-Fi, they will be able to find it using the search feature on their device.
3. ENABLE MULTI-FACTOR AUTHENTICATION
Multi-factor authentication occurs when you must provide two or more pieces of evidence to access a computer system. It is based on the principle of something you know and something you own. For example: you enter a password and then receive a text message on your mobile phone with an additional code—the password is something you know, and the mobile phone is something you own.
Multi-factor authentication makes it harder for hackers to log in as if they were you. Your information is safer because even if a hacker manages to obtain your password, they will still need your mobile phone to log into your account.
If you are using an email address (username) and a password to log in to an account, you should ensure that you have multi-factor authentication enabled. Many programs that we use daily, such as Google G-Suite, Microsoft Outlook, Slack, and Zoom, offer free two-factor authentication and provide instructions on their websites on how to enable it.
Cyberattacks against small businesses are on the rise, but by implementing some simple strategies, we can better protect ourselves, our loved ones, and our businesses. If you found this article helpful, please check out “Your Employees Can Be Your Best Defense Against a Cyberattack” to learn some more helpful tips.