Four Simple Cybersecurity Tips for Small Businesses

During National Small Business Week in April, small businesses were urged to use the free resources offered by the Cybersecurity and Infrastructure Security Agency (CISA) to better prepare against cyberattacks.

According to a cybercrime study by Accenture, nearly 43% of all cyberattacks are aimed at small businesses, with losses ranging from $826 to $653,587 per incident. Accenture found that only 14% of SMBs were ready to handle these attacks. 

Luckily, CISA offers four simple tips that can help any small business improve their cybersecurity.

1. Train staff to recognize phishing

According to the FBI’s 2023 Internet Crime Report, there were 298,878 reports of entities falling victim to a phishing scam. This number is slightly lower than that for 2022 (300,497), but still much higher than the reports for personal data breach (55,851), non-delivery or non-payment (50,523), extortion (48,223), or tech support (37,560). 

And, as PhishMe notes, up to 91% of all breaches begin as a result of phishing. 

By keeping your employees informed and aware of the dangers of phishing, your business can reduce its risk. Here are some of the ways to mitigate phishing with your staff:

  • Spot the signs: Train them to identify red flags like unusual requests, urgency tactics, and emails seemingly from trusted sources (colleagues, banks). Phishing attempts often contain grammatical errors or a sender address that doesn’t quite match the supposed sender’s organization.
  • Regular drills: Keep cybersecurity top-of-mind. Schedule regular training sessions to keep them updated on the latest phishing tactics.
  • Free resources: You don’t have to reinvent the wheel. Many organizations offer free anti-phishing training materials. Consider resources from your IT provider, industry associations, or even the Cybersecurity & Infrastructure Security Agency (CISA).
  • Stay informed: Designate a security champion to stay on top of current cyber threats and share this knowledge with your team. This keeps everyone vigilant between training sessions.
  • Culture of security: Make online safety a core value. Regularly emphasize cybersecurity best practices, just like any other important workplace policy. Ensure staff know how to report suspicious emails to prevent them from impacting your business.

By empowering your employees with knowledge and creating a security-conscious environment, you can significantly reduce the risk of falling victim to phishing scams.

2. Require strong passwords

One of the simplest things every business can do is ensure that they (and their employees) use strong passwords. If the United Kingdom is practically outlawing common passwords, you know it’s time to step up your game.

Make passwords at least 16 characters long, and ideally longer. Think of a complex sentence instead of a single word, e.g., ILovePizzaWithAnchovies&! or GrumpyCatHatesMondays72! Combine uppercase and lowercase letters, numbers, and symbols for maximum security, and never reuse passwords across different accounts. A stolen password from one site becomes a skeleton key for others.

If you aren’t convinced that employees will follow these guidelines, ask your IT team to configure account settings that enforce these rules. You could also provide an enterprise-level password manager. It creates, stores, and fills in strong passwords for you, eliminating the need to remember multiple complex ones. This simplifies strong password usage for everyone and protects your business, employees, and customers.

And, when you buy new equipment, bear in mind that many devices come with pre-set usernames and passwords. Instruct staff to change these defaults immediately to prevent easy access for attackers.
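As an added example (not part of the original post or of Coro's products), here is a Python check that enforces the rules in this section: the 16-character minimum, a mix of character classes, no reuse across accounts, and no factory-default credentials. The three-of-four class threshold and the default-credential list are assumptions; the article's own example passphrases serve as sample input.

```python
import hashlib
import string

MIN_LENGTH = 16   # the article's minimum length
MIN_CLASSES = 3   # assumption: at least three of the four character classes

# Constructed stand-in for a factory-default credential list (not a real vendor list).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}


def password_hash(password):
    """SHA-256 hex digest so the reuse history never holds plaintext passwords."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def password_findings(username, candidate, previous_hashes):
    """Return the list of policy violations for a proposed password.

    An empty list means it passes every rule the article gives: long enough,
    mixed character classes, not reused across accounts, not a factory default.
    """
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")

    classes = {
        "uppercase": any(c.isupper() for c in candidate),
        "lowercase": any(c.islower() for c in candidate),
        "digit": any(c.isdigit() for c in candidate),
        "symbol": any(c in string.punctuation for c in candidate),
    }
    present = [name for name, ok in classes.items() if ok]
    if len(present) < MIN_CLASSES:
        findings.append(f"only {len(present)} character class(es): {', '.join(present) or 'none'}")

    if password_hash(candidate) in previous_hashes:
        findings.append("reused: already in use on another account")

    if (username.lower(), candidate.lower()) in DEFAULT_CREDENTIALS:
        findings.append("factory default credential")

    return findings


if __name__ == "__main__":
    history = {password_hash("ILovePizzaWithAnchovies&!")}  # already used on another account
    for user, pw in [("jane", "GrumpyCatHatesMondays72!"), ("jane", "ILovePizzaWithAnchovies&!"),
                     ("admin", "admin"), ("bob", "Summer2024!")]:
        problems = password_findings(user, pw, history)
        print(f"{user}: {'OK' if not problems else '; '.join(problems)}")
```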

3. Use Multifactor Authentication (MFA)

Hackers are constantly evolving their tactics, and passwords alone just don’t cut it anymore. But there’s a simple solution: Multifactor Authentication (MFA). It’s a security control that requires more than one method to verify a user’s identity when logging in to a computer system or online account.

With MFA, even if a hacker steals your password, they still need an extra verification step (like a code or fingerprint scan) to access your system. This significantly reduces the risk of unauthorized logins.

The good news is that MFA is simple to implement. Work with your tech team to identify critical systems like email, file storage, and VPNs, and prioritize enabling MFA there first. You can use different verification methods, depending on your needs. Basic options like phone codes are a good start, while authenticator apps and security keys offer even stronger protection.

4. Update your software

Outdated software usually means there are vulnerabilities—exploitable weaknesses—that malicious actors can use to access your critical systems and data. Software developers usually release patches on a regular basis when they become aware of flaws in their products, but those patches won’t be effective if they aren’t applied quickly. Unpatched systems remain susceptible to known exploits, creating a significant entry point for cybercriminals.

Automatic updates for operating systems and third-party software are a good way to stay on top of patches, but you’ll need to conduct regular network security assessments and vulnerability scans to identify and address any gaps in patch coverage.

Bear in mind that both software and hardware manufacturers will eventually discontinue support for their products, which makes those products more vulnerable to exploitation. Keep an inventory of authorized assets and replace unsupported systems with current versions to stay safe.
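As an added example (not from the original post or from Coro), the following Python reconciles an authorized asset inventory against scan results to surface the gaps this section describes: devices missing from the inventory, hosts behind on patches, products past end of support, and machines with automatic updates switched off. Product names, versions and end-of-support dates are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Asset:
    hostname: str
    product: str
    installed: str      # version reported by the scan
    auto_update: bool

# Constructed vendor data with placeholder products and dates (not real facts).
VENDOR_STATUS = {
    "ExampleOS": {"latest": "12.4", "end_of_support": date(2026, 6, 30)},
    "LegacyOS": {"latest": "7.9", "end_of_support": date(2022, 1, 1)},
    "OfficeApp": {"latest": "3.2.1", "end_of_support": date(2027, 12, 31)},
}

def version_tuple(version):
    """'12.3.1' -> (12, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))

def review_assets(authorized, scanned_hosts, today):
    """Reconcile the authorized inventory with what a scan actually saw.

    Returns {hostname: [findings]} for the gaps the article names: devices
    missing from the inventory, hosts behind on patches, products past
    end of support, and machines with automatic updates switched off.
    """
    findings = {}
    known = {a.hostname for a in authorized}
    for host in scanned_hosts:
        if host not in known:
            findings[host] = ["not in authorized inventory"]
    for a in authorized:
        issues = []
        status = VENDOR_STATUS.get(a.product)
        if status is None:
            issues.append("unknown product: support status cannot be verified")
        else:
            if version_tuple(a.installed) < version_tuple(status["latest"]):
                issues.append(f"patch gap: {a.installed} installed, {status['latest']} available")
            if today > status["end_of_support"]:
                issues.append("unsupported: vendor support has ended, replace")
        if not a.auto_update:
            issues.append("automatic updates disabled")
        if issues:
            findings[a.hostname] = issues
    return findings
```

Feed it the inventory your IT team maintains and the host list from your last vulnerability scan; anything returned is a patch-coverage gap to act on.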

Taking an extra step

Every cybersecurity measure you put in place makes your business a little more resilient against cyberattacks. Training, multifactor authentication, stronger passwords, and regular software updates are just a few of the ways you can protect your business today. CISA also offers multiple online resources for small businesses that can teach you how to roll out these changes, even if you don’t have any prior cybersecurity experience.

Don’t become a statistic. A few simple steps can make a world of difference. 

But if you still aren’t confident that you have the resources or the know-how to implement these changes yourself, it’s time to get in touch with Coro. 

Coro was founded to make cybersecurity readily accessible and affordable for small businesses. We reduce the complexity of becoming cyber-resilient while still offering you complete peace of mind. See what we offer.

*** This is a Security Bloggers Network syndicated blog from Blog – Coro Cybersecurity authored by Kevin Smith. Read the original post at: