In April 2014 my Dad’s small bakery nearly went out of business.
The reason for that wasn’t his competitors, or bankruptcy, or a faulty marketing strategy. It was Heartbleed.
Heartbleed is an Internet security bug that caused as much as half a billion dollars’ worth of damage, according to eWeek. It allowed a perpetrator to gain access to personal data on a given server, such as logins, passwords, and other sensitive information.
When all of my Dad’s business communication fell into the wrong hands, he didn’t notice it at first. It was only after losses started to occur that he did.
But despite those losses (and the near extinction of our family business), Heartbleed taught me an important lesson: if you don’t take care of your online security, someone else will take advantage of it.
Since then, cybersecurity has been my passion and vocation. Today I’ll use my experience to give you six tips to protect your company online.
- Install a VPN
A VPN, or a virtual private network, is a service that encrypts all incoming and outgoing traffic on your computer. It means that nobody can see what exactly you are doing online. That includes:
- what websites you visit;
- where you are connecting from;
- your passwords and logins;
- other details.
As this data is encrypted, it won’t be able to harm you even if hackers get access to it because they would have no way to decipher it.
A good rule of thumb here is to avoid free VPNs because they are often unreliable. However, there are ways to save on Internet safety. For example, you can choose a VPN that allows for multiple simultaneous connections. This way, you can protect traffic on several devices at once for the price of a single subscription.
- Use two-factor authentication
Two-factor authentication means that to log into your account, you use not only your password but also a proof of your identity that you present to the system through a separate channel. For example, it can be a code that a website sends to your phone or a fresh picture of your face.
Another advantage is that the additional information necessary for verification, whether it is a code or a picture, is only usable once. If anybody learns it after you have entered it, it won’t help them to access your account.
Unfortunately, not every website has two-factor authentication. So, if you have a choice between two analogous services, one of which offers it and the other does not, you should most likely opt for the first one.
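The single-use property described above, seen from the website's side, as an added example (not code from the original post). The class name, the five-minute lifetime and the five-attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed validity window for a code
MAX_ATTEMPTS = 5         # assumed number of wrong guesses allowed per code


class OneTimeCodeStore:
    """In-memory store of pending second-factor codes (illustrative only)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # user -> [code, expires_at, attempts_left]

    def issue(self, user):
        """Create a fresh 6-digit code; any earlier code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # a real service would send this to the user's phone

    def verify(self, user, submitted):
        """Return True once per issued code; replays, stale codes and guesses fail."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user]  # consume: the same code can never pass again
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user]  # too many wrong guesses: a new code is required
        return False


def demo():
    """Constructed scenario: a legitimate login, then the same code entered again."""
    store = OneTimeCodeStore()
    code = store.issue("owner@bakery.example")
    first = store.verify("owner@bakery.example", code)
    replay = store.verify("owner@bakery.example", code)
    return first, replay
```

The second call fails because the code was deleted when it was first accepted, which is why a code learned after use is worthless.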
- Use antivirus software and make sure it’s updated
The more employees you have, the greater the chance that one of them makes a costly mistake. It often takes only one mouse click to infect a computer with spyware.
Spyware such as keyloggers and rootkits can be extremely dangerous to your business as it may give hackers access to your network. To prevent this, you should use an antivirus program.
As new breeds of malware are being developed every day, always keep your antivirus up to date to make sure its virus database is as complete as possible.
- Always keep your Windows updated
Some exploits use software vulnerabilities to deliver malware to a user’s PC. Sometimes, antivirus programs may not be able to recognize them.
You will greatly increase your cybersecurity by keeping your operating system updated. In fact, the WannaCry cyberattack of 2017, which was one of the worst ransomware attacks in history, was so successful due to a large number of computers running on an outdated version of Windows in which a vulnerability was still present.
To add to that, it’s a good idea overall to keep all your software fully patched.
- Back up important information
If you follow the above piece of advice, your business should be relatively safe from cyberattacks. However, there is still a small chance that criminals might get wind of a software vulnerability before the developer does and can patch it.
For example, a ransomware attack can take place, encrypting all the data in your network and on your computers and demanding payment. It may not steal your information, but even if it doesn’t, it can block your access to it, paralyzing your business for days if not weeks.
To counter it, you should back up all the important data your business has, including:
- customer lists and information;
- financial data;
- employee lists and personal files;
- banking information;
- index files etc.
You can either do it manually or, more conveniently, get a program to do it automatically. Make sure that your backed-up data is stored on offline devices so that intruders can’t encrypt or delete it as well.
- Get insurance against cyberattacks
When my Dad found his company under a cyberattack, he luckily managed to recover his data. Financial losses, not so much.
Not only did the disruption of his business make him lose a ton of money, but it also damaged his potential profits by marring his reputation, because customers’ personal info was leaked and obtained by perpetrators.
Heartbleed cost him a lot in the short run but even more in the long term because his company wasn’t insured against cyber threats.
My advice is that your cybersecurity insurance policy should cover:
- your data being stolen from you and from third parties;
- defamation and other damage to your and your company’s reputation;
- income losses because of your business being paralyzed;
- ransom extortion;
- data recovery;
- compensation to your customers.
With these six tips in mind, you will protect your company’s online activities without hiring a cybersecurity agency—and that can be costly, especially for smaller businesses.
Guest post courtesy of Dainan Gilmore