
From Home to Work: Applying Your Security Mindset to Your Small Business or Startup

  • Writer: Melissa Thornton
  • Jan 21, 2023
  • 4 min read

Updated: Jan 23, 2023



Running a business is hard. Every day brings a new challenge, and it can often feel like the stress and uncertainty are too much. That's when you remind yourself why you took the leap (the satisfaction of realizing your vision) and keep going. This is why the Cybersecurity Advisory Group was established: to provide comprehensive and cost-effective cybersecurity strategies to small businesses, enabling business owners to focus on achieving their goals and bringing their vision to life without worrying about cybersecurity risks.


We know that small businesses are especially vulnerable to cyberattacks. Forty-three percent of all cyberattacks now target small businesses, and sadly, 60 percent of those businesses will permanently close their doors within six months of the attack.

The purpose of this blog is to offer straightforward and practical actions that businesses can take immediately to safeguard against cyberattacks.

Patch your loopholes


Home break-ins often prompt homeowners to upgrade their locks or install security lights. Similarly, safeguarding your business from cyber threats begins with a basic step: updating your current systems.

Microsoft and other technology companies typically release updates on Patch Tuesday (the second Tuesday of each month, at 10:00 AM PT) or whenever vulnerabilities are detected. These updates are free of charge, and configuring your computers to receive them is one of the most important things you can do to protect your systems.

Maintaining an updated inventory of IT assets is crucial. With the increase in remote and hybrid work, employees are increasingly using their own devices in the workplace (known as "BYOD"). This results in a larger attack surface with more endpoints and vulnerabilities. It is important to keep track of all the devices connected to your network and make sure they are secure.

Routine data backups are one of the most effective ways to protect your business against cybercrime. Ransomware attacks increased by 300 percent in 2021, and ransomware as a service (RaaS) shows that bad actors are confident enough to treat their operations like legitimate businesses. One effective way to thwart ransomware attacks on your business is to consistently create backup copies of crucial files. By automating the backup process according to a schedule, your business can efficiently utilize resources while minimizing the risk of human errors.

Hide your keys, hide your business


Most of us know better than to keep a spare house key hidden under a potted plant, but we all make the same mistake with passwords: if it's easy for you or me, or even someone who knows us well enough, to remember, then anyone will be able to find it. Use something that no one could guess in 10 tries or fewer. Today's cybercriminals use a kind of brute-force attack known as password spraying. Simply put, the attacker acquires a list of accounts and runs through a long list of common passwords attempting to find a match.

Because most businesses have a naming standard for their employees (for example, firstname.lastname@company.com), adversaries can often get halfway in the door by using the information on your website when launching an attack against you or your company.
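Password spraying leaves a recognizable pattern in sign-in logs: one source fails against many different accounts, with only a few tries per account. The following is an added example, not part of the original post, that flags that pattern; the log format, addresses, and thresholds are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2023-01-21T09:00:01 FAIL user=alice.smith@example.com src=203.0.113.7
2023-01-21T09:00:03 FAIL user=bob.jones@example.com src=203.0.113.7
2023-01-21T09:00:04 FAIL user=carol.lee@example.com src=203.0.113.7
2023-01-21T09:02:10 FAIL user=dan.wu@example.com src=198.51.100.20
2023-01-21T09:02:30 FAIL user=dan.wu@example.com src=198.51.100.20
2023-01-21T09:03:00 OK user=dan.wu@example.com src=198.51.100.20
2023-01-21T09:05:00 FAIL user=dan.wu@example.com src=203.0.113.7
2023-01-21T09:05:02 FAIL user=erin.kim@example.com src=203.0.113.7
"""

def parse(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def find_spraying(log_text, window=timedelta(minutes=30),
                  min_accounts=4, max_per_account=3):
    """Return {source: accounts} for sources whose failed sign-ins inside one
    time window touch many accounts with only a few tries against each."""
    failures = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, result, user, src = parse(line)
        if result == "FAIL":
            failures[src].append((ts, user))

    flagged = defaultdict(set)
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            tries = defaultdict(int)
            for _, user in events[start:end + 1]:
                tries[user] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                flagged[src].update(tries)
    return {src: sorted(users) for src, users in flagged.items()}

if __name__ == "__main__":
    print(find_spraying(SAMPLE_LOG))
```

The employee who mistyped a password twice before signing in is not flagged, because those failures all hit a single account.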

Many internet browsers have built-in password generators to create and save secure passwords for your business. Alternatively, your business may choose to eliminate passwords altogether by implementing solutions like FIDO2 security keys, which allow users to sign in using biometrics or physical keys or devices. If your business decides to keep passwords, multifactor authentication, also known as two-factor authentication, is an excellent way to ensure secure access. This method requires users to verify their identity through an additional factor, such as a one-time password sent via email or text message, answering personal security questions, or using facial or voice recognition.


The importance of being selective with whom you let in


Just as video doorbells ensure safety before opening the front door, businesses must also stay vigilant against the latest phishing and social engineering scams. In 2022, malware and phishing continued to be the leading causes of cyberattacks. Threat actors have figured out that humans are the weakest link: 85 percent of all breaches now have a human element, and attackers are stepping up the sophistication and frequency of their attacks. The good news is that most phishing emails can be identified by recognizing common "hooks" such as:

Be wary of emails requesting personal information or payment. Never click on a link in such emails. Instead, navigate to the website directly by typing the URL into your browser.

Watch out for emails with an unfamiliar tone or greeting. Phishing emails are often created by individuals located in other countries, so look for unusual syntax or tone that is too formal, too familiar or an odd mix of both.

Be on the lookout for grammar and spelling errors. Legitimate businesses take the time to proofread their emails before sending them.

Check for inconsistencies in the email address or domain name. Phishing emails often use slightly altered versions of legitimate email addresses or domain names (e.g. microsotf.com instead of microsoft.com).

Be cautious of emails that contain threats or a sense of urgency. Scammers often try to scare recipients into clicking the link with headlines such as: "Update your account information now or lose access!" If in doubt, navigate to the website directly by typing the URL into your browser.

Be suspicious of any attachments that you were not expecting. Don't open the attachment if you didn't expect an email from the sender. Instead, open a new email and inquire if the email and attachment are legitimate.

Cybersecurity Advisory Group is here for you

To learn more about cost-effective, user-friendly security solutions, visit our website and discover how we can provide comprehensive security strategies customized for your business. Need an assessment of your current cybersecurity posture? We offer cybersecurity risk assessments and vulnerability assessments that provide you with a clear understanding of where your business stands. Let us be your partner in taking your business to the next level - securely.

About the Author: Melissa Thornton, CISSP

Melissa Thornton is a principal security consultant for Cybersecurity Advisory Group, where she specializes in providing SMBs and startup companies with cyber risk management advisory. As a former CEO with over 20 years of technology, business operations, and security experience, Melissa understands the unique challenges of running a business. As a trusted advisor, Melissa works with clients to develop clear strategies and implement best practices across the board. She's skilled at spotting risks—large or small—and ensuring they never become problems.


If your business is looking for a knowledgeable and collaborative cybersecurity partner, we would love the opportunity to work with you.

 
 