Don’t Stick Your Head in the Sand – Practical Ways To Protect Your Business From Hackers and Phishing Attacks

As we wrote in a recent article, we made a dynamic change to Adaptive Office Solutions’ business model during the last year. Because of the cyber threats that skyrocketed with the onset of COVID, we have gone from “just” being a Managed Service Provider (MSP), to being the industry leader in Cyber Security for businesses in the New Brunswick province. 

(For more information about that, CLICK here for the short article.)

The crib note version of what an MSP does… They address basic IT needs like: email solutions, data storage, hardware repair, software updates and basic security, such as a firewall and anti-virus. An MSP is reactive – they are called when something is already malfunctioning. 

That’s all very well and good, but businesses can no longer rely on out-of-the-box cybersecurity solutions like antivirus software and firewalls to keep their IT infrastructure protected. Bearing that in mind, our Cyber Security Plan includes the MSP offerings, but we’ve added the amazing features that a Managed Security Services Provider (MSSP) delivers. 

An MSSP is responsible for preventing, detecting, and responding to threats before they wreak havoc on your data. They provide many services to your business, including: end-point encryption, multi-factor authentication, security policies, vendor risk management, contingency plans, employee training, and multi-locational backups. In short, MSSPs provide proactive cyber security planning and services. 

An MSP + An MSSP = Adaptive’s Cyber Security Plan

Okay, now that we’ve gotten that out of the way… 

Cut to present day… In continuing to roll out the new cyber security plans, we’ve been met with varying reactions. Some businesses sign up as soon as the presentation ends, others think about it for a few days (or weeks) and then sign up, but a worrying few don’t think they need a Cyber Security Plan because they are “just a small business in Miramichi.” 

To be clear, every business (and every device) needs a cyber security plan. Especially if you have cyber insurance. Yes, you read that right. Cyber insurance plans will NOT cover you if they can prove gross negligence. And, without a proactive Cyber Security Plan in place, you won’t get a dime. You might ask yourself, What is the basis for this gloomy prediction?

In the last year, we have seen insurance companies introduce increasingly complicated policies – what was once a one-page form is now more than 10 pages – that demand you adhere to extreme security requirements before issuing policies. In short, cyber insurance companies exist for one reason: to make money. So, they can, and will, use all of the information you provide to reject claims based on gross cyber security negligence.

But, if you feel that investing in a professional cyber security plan isn’t in the budget – even though technology is what keeps your business running in the first place – at least (please, I’m begging) have some DIY cyber protection measures in place. 

According to excerpts from an article by Forbes, they wrote, “Sensitive information is stored and accessed digitally by businesses every day. While it’s a lot more convenient for companies to have data stored digitally, unfortunately this also means these files are more vulnerable to attacks from hackers. Malicious users can gain access to a company’s data in several ways, including phishing; a method which takes advantage of unsuspecting employees as a gateway. 

However, there are also a number of ways companies can protect themselves and their data from such attacks. Below, eight professionals from the Young Entrepreneur Council discuss how companies can guard against these attacks and why every business should make their digital security a priority.

1. Communicate With Your Team

Communicating regularly with your team about phishing attacks is critical. Most people in an organization learn from these mistakes, but it takes one compromised incident in order to put them on high alert. Having regular meetings about what a phishing attack might look like helps prepare your team in advance of a breach. You can reinforce these meetings by highlighting the consequences of these attacks not only for the company’s reputation, but also for the security of customer information. Phishing sites regularly use similar-looking domains that mimic popular online sites your company may be using. Encourage the use of password vault programs [like Keeper], which can store complex passwords and only works when the URL matches the stored URL. – Robert De Los Santos, Sky High Party Rentals

2. Change Your Passwords Regularly

My team likes to switch them up every four months. By this point, we all know the switch dates by heart so we know when to expect them and change our documents. Regularly changing your passwords is one of the best lines of defense against hackers and bad actors looking to steal your information. – Amine Rahal, IronMonk Solutions

3. Update Your Software

A basic and simple method that many businesses neglect is to simply update their software. This can be your content management system platform, cloud-based tool or any other program you use. Software and technology companies are always adding security protocols to their products, but they won’t work if you aren’t updating your apps and tools. You can choose an auto-update feature in your tools’ settings that will automatically update the solutions you use. If you’re more tech-savvy, you can create manual updates too. But the key is to stay on top of these changes and to update your entire suite of tools to keep your data safe from hackers. – Blair Williams, MemberPress

4. Use Different Passwords For All Accounts

I always tell clients, “You cannot prevent a hack or cybersecurity attack. It will inevitably happen to you at some point. You can only defend against the damages by being one step ahead of the attackers.” One easy way is to never use the same password for all your digital access points. From your computer password to your email password to your hosting and website dashboard, make them all different. That way, if someone gets a hold of that one phrase, they won’t have access to all your customer data. Then, store those passwords in an encrypted password vault [like Keeper] so the likelihood of a breach is as reduced as possible. – Terry Tateossian, Socialfix Media

5. Use Multi-Factor Authentication

The best way to keep your company safe from cyberattacks is to have your employees use multi-factor authentication. In other words, new sign-ins require a phone, email or code verification before account information is provided. Use this strategy to stop hackers in their tracks since it’s unlikely that they will have access to the secondary device. – Chris Christoff, MonsterInsights

6. Install Software You Trust

There are hackers who create applications and software that look trustworthy but are actually not. When you install them on your computer, you actually end up installing malware that can create a lot of damage. Beware of such malicious elements. One way of doing that is to check the number of active installations and read the reviews before downloading any software. Once you know that it isn’t a look-alike app and is actually trustworthy, go ahead and download it. – Thomas Griffin, OptinMonster

7. Use A Password Management Tool

A password management tool can help you boost the security on your website or plugins that you use. We use such a tool in our business since we need multiple team members to access different platforms. It makes it easy for us to share passwords without actually revealing what they are. We also have control over who can use a password by enabling or disabling access or by changing the password itself. A good password management tool will auto-generate complex passwords that are unlikely to get hacked. It will encrypt your username, email and password so that it can’t be accessed by outside parties. This is a simple tactic that any business can use to protect their business data right away. – Syed Balkhi, WPBeginner

8. Limit Employee Access To Sensitive Info

Far too often, vulnerable systems and information are left exposed to the possibility of human error. To reduce your chances of a system breach, I recommend making sure that only the most trusted team members have login credentials to access any sensitive data and ensure that all company accounts for outgoing employees are deleted after they’ve left. The worst thing you can do is forget to change access codes for an unhappy outgoing employee who might be able to turn around and jeopardize sensitive documents. – Tyler Gallagher, Regal Assets
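
Tip 1 notes that a password vault only fills a saved login when the page URL matches the stored URL, which is what defeats similar-looking phishing domains. The Python sketch below is an added example (not from the Forbes article, and not how Keeper or any specific vault is implemented); it assumes a strict exact-origin policy, and every URL in it is a constructed sample.

```python
from urllib.parse import urlsplit


def _origin(url):
    """Return (scheme, ascii_host, port) for a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    try:
        # IDNA-encode so Unicode lookalike letters show up as xn-- labels.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass
    default = 443 if parts.scheme == "https" else 80
    return parts.scheme, host, parts.port or default


def should_autofill(stored_url, page_url):
    """Assumed vault policy: fill only on HTTPS with identical host and port."""
    page = _origin(page_url)
    return page[0] == "https" and page == _origin(stored_url)


def edit_distance(a, b):
    """Levenshtein distance, used to flag near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def explain(stored_url, page_url):
    """Heuristic label for a reviewer; the fill decision is should_autofill()."""
    if should_autofill(stored_url, page_url):
        return "match"
    _, s_host, _ = _origin(stored_url)
    p_scheme, p_host, _ = _origin(page_url)
    if p_host == s_host:
        return "insecure-scheme" if p_scheme != "https" else "different-port"
    if any(label.startswith("xn--") for label in p_host.split(".")):
        return "punycode-lookalike"
    if p_host.startswith(s_host + "."):
        return "trusted-name-as-subdomain"
    if edit_distance(s_host, p_host) <= 2:
        return "near-miss-spelling"
    return "different-site"


# Constructed sample data: one saved login and pages an employee might land on.
STORED = "https://portal.example.com/login"
PAGES = [
    "https://portal.example.com/login?next=/",
    "http://portal.example.com/login",
    "https://portal.examp1e.com/login",                     # digit 1 for letter l
    "https://portal.example.com.account-check.test/login",  # real name as prefix
    "https://portal.ex\u0430mple.com/login",                # Cyrillic a (U+0430)
    "https://news.example.org/",
]

if __name__ == "__main__":
    for page in PAGES:
        print(f"{explain(STORED, page):26} fill={should_autofill(STORED, page)}  {page!r}")
```

Only the first sample page is filled; the others look right to a person skimming the address bar, which is why the vault's refusal to fill is a useful warning sign in staff training.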

Adaptive Office Solutions also suggests… Use An Anti-Phishing Toolbar

Use comprehensive tools that detect and disable phishing links. Proofpoint tools are available that use signature-based detection to protect against known threats and determine what emails to accept or reject. As part of their advanced threat protection, they offer Targeted Attack Protection (TAP), which works to detect, analyze and block potential threats before they ever reach an inbox, eliminating the possibility of the receiver clicking the URL. Threats detected include advanced email threats, which often come in the form of malicious attachments and URLs. TAP also comes with adaptive controls that isolate the riskiest URL clicks. Another feature of TAP is detecting potential risks and threats within cloud apps.

On a different note… Remember the client(s) who said, “But, I’m just a small business in Miramichi…” That way of thinking just might put them out of business. But, don’t take my word for it…

In excerpts from an article by Hacked, they wrote, “Small and medium-sized businesses are a prime target for hackers and scammers. If you own a business, you might not know how to keep your livelihood safe from attackers. This guide will teach you how to protect your business from hackers and prevent losing your income, online accounts [and data].

Why You Need to Protect Your Business From Hackers

Cybercrime is one of the biggest dangers facing small businesses in the modern age. Hackers target businesses as they are guaranteed money sources, but larger companies often have comprehensive security systems.

Smaller business owners don’t always consider cybersecurity when founding their business. This lack of security makes them low-risk, high-return targets for hackers. According to some estimates published by Keeper Security, nearly half of small business owners have no idea how to protect themselves against online attacks.

The big problem with this lack of technical understanding is that it causes many businesses to fail. More than half of small businesses that hackers have targeted, go out of business within 6 months of the breach.

How to Protect Your Business From Hackers

Devote Adequate Time and Money

An important factor ignored by many business owners is how much time and money is being spent on cybersecurity. Ensure that you have allocated resources to spend on making your network, hardware, data and online accounts secure.

Make Your Whole Team Aware

Your security is only as good as the weakest part of that security. In most cases, employees are the weakest link in business security.

CEOs or HR managers should ensure that all of their staff follow decent security procedures, both in and out of the workplace. Any laptop, phone, or other devices that an employee uses for work is a potential weak point that a hacker may exploit.

We recommend that your business schedules a security month every year where you talk about different security aspects of your business. Education is one of the most important things when it comes to boosting your company’s security culture.

The Weak Links in Protecting Your Small Business

There are several important tools you can use to ensure that your small business stays safe from hackers. You should ensure that you’re using these tools at all times.

  • Neglecting 2-Factor Authentication – While you might think of 2FA as nothing but an inconvenience, it is one of the most necessary security features you can use. It forces you to prove who you are via several means before logging into a system or account. It’s the same thinking between needing a key and a facial ID in physical security.

When hackers try to break into an account, the first thing they’ll run up against is 2FA. If you don’t activate 2FA, you’re making yourself an easy target. Hackers will breach your account, in many cases with little trouble.

99.9% of all accounts hacked are those that don’t bother to use 2FA. Shockingly, even business users don’t seem to use 2FA often enough. Only 11% of Microsoft Enterprise accounts have 2FA turned on, despite being used by many important companies.

If you’re not using 2FA on all your accounts, you need to start right away.

  • Using a Weak Password – Another huge red flag that hackers look for is a weak password. Even if you have 2FA enabled, some sophisticated hackers can get around this. The next obstacle for hackers is your password.

Most people have been using the same passwords for the past 20 years, and 65% of people use the same password for all of their accounts. If you’re one of those people who always uses the same password, you’re putting yourself at risk.

As hackers leak data, passwords become unsafe. Your password from the late 90s is almost certainly known, so if you’re using this password for your modern email accounts, they’re extremely vulnerable. You should always create a strong password for each new account or system that you join.

If you struggle to remember these passwords, using a service like Dashlane or LastPass is a more secure option than using a single password for everything. It would help if you tried to avoid common password mistakes that many people make.

  • No Education on Social Engineering – Social Engineering is the most popular form of hacking. Hackers know that many companies have strong security, but they know that human beings are easy to fool. Even in the case of one of the biggest hacks in human history, human engineering started everything.

If you’re not familiar with the term and what it means, you’re making yourself more of a target for hackers. Criminals can use psychological tactics to make you want to click on messages they send to you. Once you’ve clicked the attachment, it could fill your computer and even your network with malware.

It’s imperative that you learn the signs of social engineering and how to avoid them.

  • Using Out-Of-Date Software – Keeping antivirus and antimalware software up-to-date is important to avoid becoming a victim. 

Antimalware software is a must-have in the modern era, but many people don’t take the obligation seriously. If you download a free antivirus program but keep ignoring the update notifications on your screen, then you’re more likely to find hackers targeting you.

Updates to antivirus and antimalware programs are important because they keep your security up-to-date on what new types of malware are out there. If you’ve not updated in several months, there are probably programs online that are now designed to get around the security you have. Hackers update their malware to target people who aren’t diligent with updating their security software.

It’s not just about antivirus programs either. Your operating system and other system applications can have security flaws and other vulnerabilities. Updating this software is the best way to deal with these problems. Take the recent Slack security problem. If you update your Slack application, it is no longer unsafe because the flaw was discovered and patched.

  • Not Using a VPN – While VPNs won’t protect you from malware or social engineering, they keep your connections more private. If hackers are looking for data about you they can use to gain access to your account, they’re less likely to get it from you directly if you use a VPN. VPNs can keep your connection completely private, preventing governments and intruders from logging your information between sites. 

As with many things in the world of cybersecurity, you’re better safe than sorry. Using a VPN when you can [on EVERY device, including cell phones], prevents hackers from collecting information too easily, and anything you can do to make hacking your accounts harder is going to help to put off potential intruders from attempting to hack you.”

***As you may have deduced, a few of those tips are repeated, so let’s offer some additional tips from various resources…

In excerpts from an article by SwiftSystems, they wrote, “If you turn on the news, you know the world is an incredibly dangerous place. Unstable regimes and some countries have turned a blind eye to hackers, which means being able to protect your business from hackers has become something that’s more important than ever.

You can protect your business from hackers right now. The longer you wait without the help of a [cyber security] provider, the greater the chance an attack can happen to your company at any time. You really can’t afford to waste any more time, so here are a few ways to help protect your business from hackers right now.

Regular Backups 

Get used to backing up your systems. Businesses should back up all the files and systems at least once a week. The more data changes you make a day, the better it is to back up every day.

Back up shouldn’t simply take place in a single location either. You want to ensure your business has back up on-site, but also off-site as well. The uncomfortable truth is that every hard drive will eventually fail and you don’t want this to happen to your only back up.

Once you’ve got the basics covered, you want to start adding extra layers of security to your business. Your business might need plenty of different security packages, but the essentials include:

  • Secure Sockets Layer (SSL) – SSL is an essential tool to protect the information users send between the website and the database. The code prevents information from being read or accessed without proper access.
  • Web Application Firewall – a web application firewall (WAF) can be software or hardware based. It is essentially a protection between your website service and the data connection, scouring through all of the data that passes between these two systems. WAF is typically a cloud-based system and you can find them with monthly subscription fees.
  • Website and software scanners – You’ll also want to add scanners that regularly scan your website and software. They can help detect and stop malware, viruses and bad code.

When you are looking for the above security programs, remember to check a few options. Don’t be scared of the costs – plenty of good security software can be used free or for a minimal fee.

Anti-Malware and Anti-Virus Programs

Most malware is installed through network security hacks, but being vigilant about cybercrime is as much about anticipating tomorrow’s threats as it is defending against today’s. Email phishing, spoofing, and apps that access social media accounts are popping up with increasing regularity. 

Loading anti-malware and anti-virus protection on your machines – that goes for mobile devices as well – and running it after every software install can help ensure these threats don’t take place.

Also, keeping programs and hardware up to date – from upgrading to newer routers and computers to immediately installing browser and software updates – blocks malicious worms that thrive in older equipment and out-of-date software.

Make Sure Your Data is Secure and Encrypted

Hackers are focused on two things – creating chaos and stealing money. If your data is unsecured… bank routing digits, credit card accounts, employee social security numbers, etc.,  are all a gold mine for hackers.

If your data is currently being transmitted over the internet, you want it to be encrypted. Also think about turning on full-disk encryption tools that come standard on most [new] operating systems – for PCs, it’s called BitLocker, while on Macs it’s called FileVault.

Activating the feature takes only a few minutes; once on, it’ll encrypt every file and program on the drive with no noticeable performance lag. But there is one catch: the encryption applies only when users are logged in to the computer. That means hackers can still attack through viruses and malware while the system is running. Setting computers to automatically log out after 15 minutes without use helps enforce this measure.”

In excerpts from an article by Telstra Ventures, they added, “Use secure browsers. Think of the browser as the keeper of all information whenever a person visits the world wide web. It stores large amounts of information that can be exploited when not managed properly. A person’s cookies, credentials, browsing history, and other related information are at stake. Regardless of which browser you choose, never save your username and password in the browser when prompted.

Some popular browsers have modes in which they can provide better security. The new Firefox browser, for instance, offers modifications to tighten protection against hacks and malware.”

Additional suggestions

  • Deploy a SPAM filter that detects viruses, blank senders, etc.
  • Develop a security policy that includes, but isn’t limited to, password expiration and complexity.
  • Make sure to have a contingency plan in place, in case your infrastructure has been breached. 
  • Deploy a web filter to block malicious websites.
  • Convert HTML email into text only email messages or disable HTML email messages.
  • Install an anti-spyware package
  • Shut it down – shutting down your computer, overnight or during long stretches when you’re not working, breaks the connection a hacker may have established with your network and disrupts any possible mischief.
  • Secure your router – Routers don’t usually come with the highest security settings enabled. When setting up your network, log in to the router, and set a password using a secure, encrypted setup.

Bonus Information…

How to Secure YOUR PHONE from Hackers

To secure your mobile device, you may need to take different security measures than you would to secure a computer. Follow these tips from Webroot to help you protect your mobile devices from hackers:

Turn off Bluetooth.

When you’re not using Bluetooth, turn it off. Keeping your Bluetooth on but dormant opens another back door for computer hackers.

Don’t use unsecured public Wi-Fi.

Password-free, widely used Wi-Fi networks have no security features. As such, they’re prime targets for computer hackers.

Get a security app.

Install a security app on your phone, just as you should install a firewall, antivirus software and an anti-spyware package on your computer. Popular options include Avast, Kaspersky Mobile Antivirus and Bitdefender.

Use a better passcode.

Unlock codes like 0000 and 1234 are easy to remember, but they’re also easy to guess. Instead, opt for a randomly generated, six-number passcode. And, double down with Face ID. 

Switch off autocomplete.

Autocomplete is the feature that guesses what you’re typing and completes the word, phrase or other information for you. While convenient, this tool all but hands your email address, mailing address, phone number and other important information to hackers. Switch it off.

Clear your browsing history.

Your mobile web browser has a browsing history, too. Clear it often – including cookies and cached files – to give hackers as little information as possible to work with if they do break into your phone.

***Key takeaway: Mobile devices require additional efforts to protect, including deactivating certain features when they’re not in use and installing security applications.”

Businesses can no longer rely on out-of-the-box cybersecurity solutions like antivirus software and firewalls. When your network suffers from unknown security gaps, hackers can easily gain access to your entire network infrastructure, resulting in data loss, costly downtime, and irreparable damage to your business and reputation. 

Adaptive’s Cyber Security Plan offers the best of both programs – MSP and MSSP.  We keep cyber crime at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multi-layered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions. 

At Adaptive Office Solutions cyber security is our specialty. When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime. 

To schedule your Cyber Security Risk Review, call the Adaptive Office Solution service hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca
