Magidov CPA Firm

Fighting Cybersecurity Threats in Your Business

If you keep any kind of digital information in your business, you have a chance of becoming a victim of a cybercrime. The odds have increased exponentially during the pandemic, with more cyberthreats and scams floating around than ever before. Here are some ways to reduce your chances of getting attacked.

Social Engineering

Social engineering is when thieves try to get your employees to provide confidential information via a phone call or email. You can reduce your risk here by developing procedures and training any employees who take customer phone calls for the business. Require them to ask for identifying information such as a PIN or code, or simply prevent them from giving out any information over the phone.

Passwords

Passwords are terribly inconvenient but incredibly necessary. Almost everyone is guilty of using passwords that are simply too easy to guess. Here are some password tips:

  1. Avoid using dictionary words, even if the syllables are broken up in the password.
  2. Always use a combination of upper and lower case, and don’t just make the first letter uppercase, which is too predictable.
  3. Include special characters, and don’t just use the exclamation point.
  4. Use separate passwords for everything, especially for banking apps, accounting apps, and social media apps, which are frequently hacked.
  5. Make your passwords at least 12 characters. More characters will be needed each year.

Receiving and Delivering Information

If you deliver or receive information, it should be done safely and securely. One way to do this is to use a customer portal such as Box or ShareFile, where the information is securely stored in the cloud. Another tool to safeguard information delivery is encrypted email.

Anti-Virus

All computer users should have anti-virus software implemented and active on their devices. Company procedures should dictate the settings as well as the brand to use.

Spam Protection for Email

Anti-spam software is also necessary to protect the device from bad links in emails. Users should be trained to detect and avoid phishing emails.

Malware Protection

Malware can be installed on your computer without your knowledge if you are not careful. To protect against these threats, avoid file-sharing when possible, be careful when visiting unknown websites, don’t download software that you don’t recognize, and be careful with links in emails.

You may also need to protect your website from malware attacks by installing a firewall or other preventative solutions.

Software Releases

Stay current with all of your software upgrades. Upgrades can patch vulnerabilities, so you are safer with each new upgrade you install.

Data in the Cloud

Make sure any data that you have in the cloud is behind an acceptably secure technology solution. Today, this generally means files are stored with AES 256-bit encryption. You can also look for SOC1 and SOC2 certifications.

Need to Know

There are many policies that need to be developed for employees with regard to data handling. One example is providing data access to employees on a need-to-know basis. For example, an operations manager does not need the password to the payroll system, but the payroll manager does.

Reducing Business Risk

The items above are the tip of the iceberg when it comes to having good data security practices in your business. Develop an excellent set of policies, train and monitor employees, and set a great example yourself when it comes to this growing threat to your business.
