Best Practices to Protect Your Business from a Cyberattack
Cybersecurity remains top of mind for businesses as our world becomes more digitized. A recent report from IBM discovered that on average globally, the cost of a data breach was $4.45 million in 2023. Cyberattacks continue to rise, so we sat down with Tony Roessler, Managed Network Services National Manager at Sharp, to share insights on common attacks and best practices that you can take to best protect yourself and your business from a potential breach.
Can you describe the most common cybersecurity attacks against businesses that you’re seeing?
Tony: There are many forms of cybersecurity attacks against businesses these days; however, the most common I’m seeing are phishing attacks. This is a scam where bad actors use social engineering to either have victims transfer funds, purchase gift cards, or install malicious codes. The attacker’s email can look like a family member, colleague, or even a company’s support team and request sensitive information to potentially install malware. One way that organizations can prevent this is by sending staff fake phishing emails as examples so that they are aware and can be on the lookout for suspicious email addresses or links.
What are some easy, but effective, steps that businesses can take to protect themselves from a cybersecurity attack?
Tony: Today, it’s critical for businesses to protect themselves and be on the lookout for bad actors. Organizations, both large and small, can take a few simple steps to set themselves and their staff up for success. First, they can implement a password change policy requiring updates every three months and ensure that passwords are unique, with a mix of characters, numbers and symbols.
Next, it's crucial to enable multi-factor authentication (MFA). Having this allows for an added layer of protection by requiring users to verify themselves beyond a traditional username and password. Finally, it’s important to have security awareness training for employees so that they’re updated on the latest threats, know how to identify them, and can flag to an IT professional if needed.
What are some common mistakes you see businesses and/or individuals make that can lead to a cybersecurity breach?
Tony: The biggest mistake that I see is having the same password for multiple machines and accounts. If there’s a potential breach, a hacker can access confidential information across many platforms. This is like giving a hacker a key that unlocks your home, car, office, etc. Most users repurpose the same password because it’s easy to remember one password rather than many unique codes; however, it is highly recommended to make your passwords both different and complicated across platforms.
Another mistake is not having updated subscriptions, support or hardware. Technology is constantly updating and implementing new features that can assist in stopping hackers from accessing data. Everything from your work laptop to personal smartphone should be as up to date as possible so it’s well equipped to fight off an attack.
How can we stay educated on the latest cybersecurity trends & threats?
Tony: I suggest meeting with your IT provider or consultant quarterly to discuss current trends or to discover any gaps in your cybersecurity strategy. I also recommend developing a technology roadmap, which is a helpful visual tool for planning and executing technology goals. This can assist employees at all levels to understand where technology capabilities currently stand, where they’ll go, and how the result can support an organization.
Additionally, joining user groups to discuss best practices, training, current trends and more can assist in staying up to date and continuing cybersecurity education. You can also stay informed by reading articles or subscribing to newsletters from publications such as Cybercrime Magazine, Security Week, Cyber Defense Magazine, and more.
How can organizations use AI to protect or assist in a cybersecurity attack?
Tony: AI has been a buzzword over the past year across all industries – healthcare, education, entertainment, and especially, technology. This tool can be a great asset to defend from a potential cyber-attack by predicting and studying behaviors. AI can alert personnel that the network is seeing anomalies either in user behavior or traffic, and flag that to an IT professional before a breach is underway.
Overall, updated devices, and educated employees can set an organization up for success when protecting itself from bad actors. For more cybersecurity news and trends, check out more Simply Smarter blogs.