Gone are the days when cybercriminals only targeted big businesses. According to the National Cyber Security Alliance, 70% of cyberattacks now target small and medium-sized businesses (SMBs).
Attacks like phishing and business email compromise – which employ social engineering techniques – are also on the rise, because humans are still the weakest link in the security chain. Enforcing cybersecurity best practices and educating employees on their role in safeguarding company data should therefore be a business priority.
Here’s a real-life example of how easy it is to dupe employees into clicking on suspicious links.
It was a regular Tuesday morning at work, until I received an email saying: “New audio note received,” with a link that said: “Listen to the full message here.”
And I clicked…
“Whoops - you were phished!”
Thankfully, it was a phishing simulation, sent by my employer.
I have been writing about cybersecurity long enough to know not to click on such links. So, why the momentary lapse of judgement?
Here’s why: It was my first month at my new job, and when the email came in, I thought I had missed a Microsoft Teams call from my manager. I had to undergo security awareness training as a penalty.
Simple but effective cybersecurity best practices:
As SMBs become more vulnerable, here are five basic cybersecurity best practices that you should teach your employees to help protect your business and secure its data:
- Don’t leave your laptop or desktop unattended. Your laptop should have a screensaver set up that locks automatically and requires a password to prevent unauthorized access.
- Be wary of emails requiring urgent action and asking you to click on links. Don’t click on unverified links or download suspicious apps. With 90% of cyberattacks starting with a phishing email, investing in security awareness training is an effective way to educate employees on potential security threats.
- Employees working remotely should refrain from connecting to public WiFi. One of the many dangers of using unsecured WiFi is falling victim to man-in-the-middle attacks – often used by attackers for stealing login credentials. If connection to public WiFi is necessary, use a VPN to secure the connection.
- Do not ignore software updates, especially antivirus updates that contain the latest files needed to tackle new viruses. Installing updates promptly can help protect your computer – and business – from the latest cyber threats.
- Password best practices aren’t just limited to creating complex passwords. Be certain that employees understand that they should not share passwords with coworkers. If a coworker accesses sensitive information using your password over a public network, it could leave them susceptible to attacks.
As social engineering tactics get more sophisticated, it is imperative to employ proactive plans for backing up sensitive data. Investing in a cloud backup service like Carbonite™ will ensure your data is securely backed up.