The U.S. warns companies to stay on guard for possible Russian cyberattacks.

You, the CEO/Owner of a small or medium sized business, are under attack. Right now, extremely dangerous and well-funded cybercrime rings in other countries are using sophisticated software to hack into thousands of businesses like yours to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their own governments to attack American businesses.

Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot? Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of sheer embarrassment.

  1. The #1 Security Threat To ANY Business Is...You! Like it or not, almost all security breaches in business are due to an employee clicking, downloading or opening a file that’s infected, either on a web site or in an e-mail; once a hacker gain’s entry, they use that person’s e-mail and/or access to infect all the other PCs on the network. Phishing e-mails (e-mails cleverly designed to look like legitimate messages from a web site or vendor you trust) is still a very common occurrence – and spam filtering and anti-virus cannot protect your network if an employee is clicking on and downloading the virus. That’s why it’s CRITICAL that you educate all of your employees on how to spot an infected e-mail or online scam. Cybercriminals are EXTREMELY clever and can dupe even sophisticated computer users. All it takes is one slip-up; so constantly reminding and educating your employees is critical.
  2. Train Employees On Cybersecurity AwarenessThe current Ukrainian/Russian conflict has prompted a new wave of targeted phishing and ransomware attacks as cyber criminals take advantage of distracted and stressed employees. While spam filtering can identify some malicious emails, others that appear authentic will find their way into an employee’s inbox. As one wrong click on a malicious email could expose an organization’s sensitive information, employees should undergo thorough and ongoing cybersecurity training with a focus on mitigating potential attacks by keeping a close eye on their email. Employees should be trained not to open emails or click links in emails from unknown senders and to report potential phishing attacks to leadership.
  3. Ensure A Strong Password ProtocolOrganizations should utilize a password manager to guarantee strong protection over personal and company passwords. This type of system will store and encrypt all passwords, preventing anyone from gaining access without first verifying their identity through two-factor authentication. Employees will only need to remember one master password, and the stored account logins and passwords, which are generally a sequence of randomized alphanumeric and special characters, cannot be traced back to the password manager.
  4. Keep your network and all devices patched and up-to-date.New vulnerabilities are frequently found in common software programs you are using.  You need visibility into the operating systems, firmware and software on your network, and a strategy for promptly installing patches and updates.
  5. Have An Excellent Backup.This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up and stored in a way so a hacker cannot remove or damage them, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!
  6. Don’t Scrimp On A Good Firewall.A firewall acts as the frontline defense against hackers blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But all firewalls need monitoring and maintenance, just like all devices on your network or they are completely useless. This too should be done by your IT expert as part of their regular, routine maintenance.
  7. Use A Secure Connection For Company DevicesEmployees should only connect to the corporate network using company devices, and company devices should not be connected to a public network. COVID-19 has required the majority of businesses to work from home, and therefore it is important to ensure that employees are only connecting to a private in-home network, mobile hotspot or virtual private network (VPN) recommended by the organization. Employees should follow a secure protocol when visiting websites by looking for HTTPS in the URL or a lock icon in place of it.

If you are concerned about cybercriminals gaining access to your network, then contact us via email or call 281-403-9561 to learn about how we can implement a managed security plan for your business.

All businesses are susceptible to cyberattacks, but leaders need to do everything within their power to mitigate risk and lessen the impact of any potential incidents. eNet Systems offers cyber risk assessments that employ a wide variety of techniques to accurately assess an organization’s business-specific cybersecurity threats. Reach out today to schedule a consultation and start 2022 with a clear and strategic approach to managing cybersecurity.