What Is Cybersecurity and Why Does It Need a Month?
First off, let’s address what cybersecurity is; Cisco puts it like this:
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
(Source: Cisco - What Is Cybersecurity?)
Now implementing it effectively is especially difficult for most small businesses because there are more devices than people, and attackers are becoming more creative.
Now that you understand what it is, let’s look at when it started. Cybersecurity Awareness Month started back in 2004 when the United States established October Cybersecurity Awareness Month to help citizens secure themselves online as technology and dangers against it become more sophisticated and ingrained in our daily lives.
Kilby Spencer, Regional Technology Manager at Appalachian Regional Library, had this to say:
Small businesses and local governments are often targeted by ransomware and phishing scams. Working with limited budgets, the most cost-effective tool for protection is educating all employees about the best practices.
The purpose of Cybersecurity Awareness Month is to make information available to protect you and your small business against a potential cyberattack.
Here are twenty-two cybersecurity tips for you and your small business.
22 Tips to Help Secure Yourself and Your Small Business from Cyber Attacks
Smart Devices, Phones, Computers, and Tablets
Smart home devices and Internet of Things (IoT) are more popular than ever. While these items make our lives easier, they also provide a safe refuge for would-be hackers.
The cost of breaches will be viewed like the toll taken by car crashes, which have not persuaded very many people not to drive.
Therefore you can use these strategies to keep your gadgets safe from hackers!
- Check for reviews from trustworthy sites like Consumer Reports., among others.
- Use of two-factor authentication when available.
- Don’t ignore updates and upgrades! Waiting for an update is significantly less inconvenient than dealing with a compromised network.
- If you are trading or recycling a device, wipe it clean with all your information by using the factory reset.
Cybercrime is on the rise, and one of the best means to deter cybercriminals from stealing your money or identity is to safeguard your passwords.
- Using memorable phrases such as song lyrics or a favorite quote can make it easier to remember. Make sure that your phrase contains special characters like exclamation or question marks.
- Use different passwords for different accounts. This is critical because cyber criminals can get a username and password to one account, and they will use it to access your other accounts they think you might be using.
- Utilize a password manager such as LastPass.
- Choose a master password for your password manager that is both strong and one-of-a-kind.
- Using public WiFi to log in to sensitive accounts (banking, healthcare, etc.) can put your personal information at risk.
- Sharing passwords with trusted people in your life may seem safe. Still, if the people you share your passwords with have their computers or phones compromised, your passwords may also be stolen.
- Never use the default logins. These are easy picking for cyber crooks!
Protect Yourself From a Smishing Attack
Smishing is a type of phishing in which hackers send you an email or text message in order to trick you into providing your personal information or clicking on a link that installs malware on your phone, computer, or tablet. Their goal is to steal your identity as well as your money.
Barracuda Networks researchers analyzed millions of emails across thousands of businesses between January 2021 and December 2021. Here are some of their key takeaways:
- A small business with less than “100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.”
- 51% of social engineering attacks are phishing.
- Microsoft is the most impersonated brand, used in 57% of phishing attacks.
- In 2021 20% of businesses had an account compromised.
- Cybercriminals compromised approximately 500,000 Microsoft 365 accounts in 2021.
(Source: Barracuda Networks)
- Unrecognized emails or text messages from numbers you don’t know are much more likely to contain smishing links. Even if you get an email or text message from someone with a link, you should consider verifying that they meant to send the link before clicking it.
- When it comes to email, hackers are getting very sophisticated and making emails look like they are from legitimate sources. Don’t ever click on these links; you are better off going directly to the site to confirm a problem or if you need to take action.
- Never install apps from text messages
- Urgent text messages asking you to take any action or face a negative consequence should be approached with extreme caution.
Employment scams aren’t anything new, but they have become more sophisticated as scammers use the freelance and “gig” sites where they pose as legitimate companies where they dupe people into giving them their banking information, or even require them to pay upfront for the job. Unfortunately, we at Cube Creative have been spoofed and gotten numerous emails about this. Therefore avoid these by:
- Doing your research. Go out and look up the company to see if they are hiring or what “your contacts” actual job title is.
- Beware bogus job emails. The quickest way to recognize them will be grammatical mistakes, misspellings, or they will come from a personal email address (@gmail.com, @yahoo.com, @outlook.com, etc.).
- If an agency “representative” says the job is ready for you, but you have to pay a fee, provide your username and password, etc., then hold on to your money and report the account to the site where they found you.
How to Stay Safe When Using Free Wi-Fi
I often joke that I chase free Wi-Fi and coffee when I am out and about.
Many coffee shops, businesses, and restaurants will offer free Wi-Fi access. While it’s super convenient and easy, it does come with some inherent risks. Here are some precautions:
- Again, avoid accessing banking, credit card, or other accounts containing sensitive financial or personal information.
- Even if a hotel or merchant requests it, never send credit card or banking information over email.
- Use virtual private networks, or VPNs (NordVPN, Private Internet Access,etc.), which encrypt all data transfers.
- Update your operating system regularly and ensure you have the most recent security downloads.
While some of what I have conveyed may scare you a little, and frankly, it should. Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda, said this:
“Small businesses often have fewer resources and lack security expertise, which leaves them more vulnerable to spear-phishing attacks, and cybercriminals are taking advantage. That’s why it’s important for businesses of all sizes not to overlook investing in security, both technology, and user education. The damage caused by a breach or a compromised account can be even more costly.”
The bottom line is the best offense is always a good defense. Use the tips provided to help protect you and your small business.