As the COVID-19 pandemic continues its seemingly endless run, small businesses should take the time to assess whether they are doing what is necessary for optimal cybersecurity. Organizations should invest the time and resources now to help lessen the negative impact of the virus both during and after the pandemic, as the business landscape has become less secure.
In this article, we will discuss some of the ways your small business can enhance its cybersecurity to meet the challenges of the more perilous business environment since COVID-19.
Reinforce the Basics of Good Cyber Hygiene
The first thing your small business should ensure is that all employees are well-trained in understanding and implementing the basics of good cyber hygiene. This process should have already been done pre-pandemic, but good cyber hygiene will be even more important during and after COVID-19. Some key aspects of good cyber hygiene for your organization include:
Inventorying equipment and analyzing and addressing weaknesses
Your company should create a list of all cyber-facing IT assets, which you can then analyze for weaknesses. For example, any unused or little-used equipment should be wiped and disposed of as necessary. All software and apps should be regularly updated. New passwords should be put in place and any applications that are not currently running should be uninstalled. Where programs serve duplicative purposes, either reduce them to one or designate one program as the primary option and use the other application only as a backup.
Creating a comprehensive cyber hygiene policy
This policy should involve a common set of practices, tasks, and activities that are well documented to ensure that a high level of cyber hygiene is maintained at your small business. Some typical components of this policy include password protocols, software and hardware updates, an inventory of new application installs, regular patching, frequent reviews and updates of antivirus applications, regular reviews and upgrades of IT infrastructure, and the use of reliable backups. In addition, smart cyber hygiene involves being judicious about how many employees have access to various parts of your network. This process includes limiting the number of personnel who have administrative access and new software installation privileges.
Achieving employee buy-in
One key lesson for your company’s efforts is to reinforce the idea that good cyber hygiene is not only the concern of the IT Department or IT Support partner, but rather an organizational and business issue that all employees must strongly support. Training and awareness efforts by your company should emphasize this theme since many positive cyber hygiene practices, such as proper password settings and responsible internet and email behavior, are dependent on employee input.
Protect Remote Work Efforts
Despite all the benefits of remote work, one serious threat that always accompanies telework is the enhanced danger of cyberattacks. The employee is always the weakest link in a company’s cybersecurity defenses and never more so than when using personal devices to access the company network. These devices are almost always less protected than company assets and provide more enticing portals for cyber criminals to gain access to your company’s network. Cyberattacks and data breaches continue to rise at a frightening pace during the pandemic, as hackers have been taking advantage of the huge increase in inexperienced teleworkers. Even when bringing relatively secure company devices home, employees generally become less diligent about practicing good internet and email behavior and are more likely to fall victim to phishing attacks and other malware.
Your company should make sure that your employees are supplied with updated and well-protected remote work equipment and tools and ensure they are trained in good cyber hygiene including proper email and internet behavior. In addition, your company should encourage your staff to use additional protective methods such as blurring their personal screen backgrounds during virtual meetings, especially with outside organizations.
Be Vigilant about Traditional and COVID-19 Cyber Scams
Cybercriminals have made dealing with this pandemic even more miserable with their enhanced efforts to gain unauthorized access to sensitive information and company funds. Traditional scams such as ransomware and phishing have increased dramatically as hackers use enticing messages as well as deceptively real-looking communications from fake superiors to trick employees into granting them access to their private networks. The increased number of employees working remotely has resulted in many more portals for hackers to exploit. These bad actors have also increased the use of messages offering bogus investment advice to capitalize on the financial uncertainty of a nervous public.
In addition to traditional cyber scams, cybercriminals have directly exploited the chaos and insecurity of the pandemic by creating phony websites and emails claiming to offer information on the spread of the virus or on how to avoid becoming infected. For example, one type of legitimate website that has become popular during these anxious times has been the interactive site offering some form of a map that accurately tracks the spread of the virus throughout the United States and the world. Cybercriminals have exploited this trend by developing similar-looking tracking websites with official-sounding names. When the unsuspecting user clicks on the site, embedded malware is transferred to their device, which can steal usernames, passwords, credit card numbers, and other sensitive data that is stored in their browser.
Updated cybersecurity software, firewalls, and other defensive tools, proper employee training, and regular communication are the keys to successfully fighting cybercriminals. One of the most important lines of defense in defeating these types of cyber scams is training your employees in good cyber hygiene and proper email and internet behavior. Your company should also regularly inform your staff about any ongoing or new COVID-19-related and other scams as well as caution them about phony products and websites. At a minimum, your company should inform your employees weekly of current and new threats and encourage your staff to share their experiences with cyber scams to provide warnings to other employees.
Purchase Cyber Insurance
In light of the increased cyber threats because of COVID-19, it is important for your organization to investigate the purchase of cybersecurity insurance. Cybersecurity insurance is a risk management tool that comes in various forms with the main goal of mitigating the impact of any malicious cyber events. If your organization handles sensitive client information in the health care or financial sectors, you will most likely be required to have cybersecurity insurance to comply with HIPAA and FINRA, respectively. In addition, if your small business works with any organizations in the European Union, cybersecurity insurance will be necessary to comply with GDPR.
Cybersecurity insurance policies will directly reimburse your company in the event of cyber-related incidents such as malware attacks, data breaches, and any other events that affect your clients or other company-related partners or vendors. Cybersecurity insurance can also be used as part of an important backup system in the event of an infection. If there is a successful network breach, most policies will provide comprehensive financial and legal protection for your small business. This service protects your company by covering a good-sized payment amount (normally up to $10,000) to meet any ransomware requests. In some cases, the cost of reaching a small settlement is far less than updating or upgrading compromised IT assets. One must also consider the damaging cost of the stain on your company’s reputation caused by the corruption of sensitive client data. It also makes sense to quickly eliminate the potential danger of a breach that would result in expensive downtime.
Consult with an IT Support Partner
During this unprecedented time of increased cybercriminal activity, we encourage you to reach out to a trusted IT Support Partner, like Network Depot, to help ensure that your company is optimally protecting itself against the greater cybersecurity threat. A reliable IT partner will assess your organization’s current cybersecurity efforts and inform you of your strengths and weaknesses in this important area. Your IT partner will offer your small business valuable advice and will implement any necessary solutions to help protect your organization against aggressive cybercriminals during this pandemic and beyond. By following these recommendations and working closely with your IT partner, your organization will be able to meet the cybersecurity challenges of this difficult time and achieve your unique objectives.