Background:
Imagine a business where customers are calling every 15-30 minutes during business hours. Staff is constantly on the phone. You walk in one day to silence. You sit down at your desk and can't log in to your email. Wrong password. Odd, you didn't change the password. It's ok, just go to reset it. While you wait for the text message with the instructions, you notice that your computer is slow and not always responding to your inputs. Let's restart it and get coffee. It's too early for this. You shut the computer down and head to the kitchen for coffee, where you find colleagues who are also locked out of their systems. A panicked colleague exclaims, "We've been breached!"
A criminal who gained access to your main workplace software, for example Google Workspace, could use that access to then log in to your phone system, your payroll, and anything else connected. They can change passwords, reroute phone calls, and even send emails as other people. These criminal actions can grind your business operations to a halt. More than that, they can cause further harm by transferring assets, releasing false statements, and stealing confidential or proprietary data.
In our software-powered, interconnected world, phones, emails, software, text messages, etc. are all critical pieces of our new workflows. These touchpoints can all double as points of attack. From phishing scams to brute-force data breaches, the landscape of risks is broad and ever-changing. Once a bad actor has breached any key piece of that infrastructure, they can quickly take over the whole operation.
Strong passwords and two-factor authentication are not going to cut it. With a multi-layered cybersecurity strategy that goes beyond traditional methods, your business can significantly enhance its defenses. This recipe focuses on the essential ingredients of antivirus protection, employee cybersecurity training, data encryption, and the crucial addition of two-factor authentication (2FA) to create a robust cybersecurity posture for small businesses.
Ingredients:
1. Antivirus Software:
Bitdefender: One of the most robust solutions, geared more toward advanced users and businesses that face constant threats.
Norton Small Business: Easy to manage and offers solutions that scale with your business.
2. Employee Cybersecurity Training Platforms:
KnowBe4: Provides interactive training on the latest cybersecurity threats and best practices.
Cybrary: Offers an extensive library of cybersecurity training modules for various skill levels.
3. Data Encryption Tools:
VeraCrypt: A free, open-source disk encryption software for protecting sensitive data. While the price is right, it does require some advanced knowledge and setup.
AxCrypt: A simpler-to-use encryption tool that lets you set rules file by file if needed. This ensures that data remains secure even outside the business's network.
4. Two-Factor Authentication (2FA) Solutions:
Duo Security: Protects your business by requiring two forms of verification before granting access to your systems and data.
Google Authenticator: A free app that generates codes for 2FA, adding an extra layer of security beyond just passwords.
Cooking Instructions:
1. Select and Implement Antivirus Software:
Of the items on our ingredients list, antivirus software probably offers the most selection. The best way to pick is by narrowing down which devices your company uses, which workplace software your company uses, and finally the amount of contact your staff has with the "outside world."
Solutions like Norton, Symantec, or other "consumer brands" are very solid options for the majority of workplaces.
If you have many devices running on different operating systems, you may need something more advanced like Bitdefender.
If you don't have IT support, it's important to install the software across all company devices and train users to keep the software up to date.
2. Roll Out Employee Cybersecurity Training:
Schedule regular training sessions using platforms like KnowBe4 or Cybrary to keep your team informed about potential cyber threats and the practices they should follow to mitigate these risks.
3. Encrypt Sensitive Data:
Utilize VeraCrypt or AxCrypt to encrypt sensitive business data, particularly information stored on portable devices or shared externally.
Ensure that encryption becomes a standard practice for all data storage and transfer within your company.
4. Enable Two-Factor Authentication (2FA):
Almost every software tool with a sign-in will offer 2FA as an option. Enable it!
Ideally, implement a 2FA system for all internal and customer-facing platforms, especially for services that access critical business or personal data. Duo Security or Google Authenticator can provide robust solutions that are both effective and user-friendly.
5. Regularly Update and Audit Your Security Measures:
Cybersecurity is an ongoing process. Regularly update your software, conduct system audits, and reassess your security measures to adapt to new threats.
6. Create a Cybersecurity Response Plan:
Develop a clear plan outlining the steps to take in the event of a security breach. This includes identifying the breach, containing it, eradicating the threat, and recovering any compromised data.
Make sure to revisit this plan at least once a year to ensure key systems and points of contact are up to date.
If you're able to implement all of these steps, you'll significantly fortify your defenses against the ever-growing number of cyber threats. Remember, the goal is not just to protect your current assets but to foster a resilient, security-minded culture that can adapt and respond to the evolving digital landscape.