Globally, the average total cost of a data breach is $3.92 million. The United States far exceeds that global figure, with an average cost of $8.19 million [2019 Cost of a Data Breach Report]. The cyber security threats that lead to these data breaches are constantly evolving, too. As many businesses transition to a remote workforce during the COVID-19 outbreak, new vulnerabilities and an expanded worldwide attack surface put your company even more at risk than usual. As a decision maker, there’s a lot on your plate. Apart from taking basic steps to secure your business by using firewalls and antivirus protection, now is also the time to teach your employees cyber security best practices to protect your business today and into the future.
How does cyber security help my business?
Do you often worry about the future of your business? Do you wonder how changes in the economy will impact your bottom line? Do you constantly try to think of new ways to help your customers succeed despite these trying times? As you know, customer retention and sentiment can make or break a business. Lost business and the loss of customer trust are the greatest contributors to overall data breach costs. To top it all off, small businesses like yours have disproportionately larger breach costs than their larger counterparts ($3,533 per employee vs. $204 per employee) [2019 Cost of a Data Breach Report]. This disparity can impede a small business’s ability to financially recover after a security incident. Providing the tools and knowledge for your employees to protect your business from cyber threats doesn’t just keep your doors open; it keeps your customers happy and gives you one less thing to worry about.
5 things to teach your employees to help you sleep better at night
Instilling good cyber security hygiene in your employees can help ease some of these stressors. Teach your employees these 5 things to help you sleep better at night:
1. Use strong passwords & MFA
Verizon’s 2019 Data Breach Investigations Report found that 80% of all hacking-related breaches are the result of weak passwords. We all use so many password-protected websites and applications (both business and personal) that it can be tempting to reuse the same easy-to-remember, weak password over and over. How else can we keep track of them all, right? Unfortunately, reusing a password, especially if it’s a weak one, is like leaving your front door wide open to attackers. And if you’re reusing passwords over and over, once they’ve guessed one, they can wreak havoc everywhere else.
Coming up with strong passwords may seem like a hassle, but passwords can be a cost-effective and impactful way to fend off hackers. A good password is random, long, and complex [e.g. 7sjnt$iejf63emq!8ie]. If that seems impossible to remember, you can use a passphrase instead. A passphrase is just a collection of multiple, sometimes random or abbreviated words, and is often easier to remember. Examples include things like tromboneCheesetruckLeaf or abbreviating a sentence like “I lived on 14 Cherry Street when I was younger and had a dog named Rover!” into Ilo14CSwiwy&hadnr!. You can also use a password manager to keep track of all your unique, strong passwords.
For maximum protection, combine a strong password/passphrase with multi-factor authentication (MFA). MFA adds an extra layer of security to a standard password. Many apps and websites already make you use MFA. For example, if you log into Facebook from a computer for the first time, a code may be sent to your password-protected Facebook mobile app to confirm that you’re you. Essentially, MFA is a combination of two or more of the following:
- Something you have (such as a randomly-generated code sent to your mobile phone)
- Something you are (such as a fingerprint)
- Something you know (such as a password)
2. Beware of phishing
From email to phone to text message scams, fraudsters and phishers are always ready to take advantage of unsuspecting individuals, especially during times of uncertainty. Their goal is to get you to reveal personal information such as passwords, social security numbers, or banking info. The Federal Communications Commission (FCC) is constantly updating its warnings on pandemic-related scams, like these recent phone scams.
Phishing signs and steps to take:
- Be suspicious of any email that is full of spelling mistakes or broad language (e.g. “dear valued customer” instead of your name)
- Be wary of urgent, threatening language in emails, phone calls, or texts, such as “you must act now” or “your account will be disabled if you don’t contact us immediately”
- Question any request for credit card information, passwords, or other private information, even if it seems to come from a known source
- Refrain from clicking on suspicious email or text links – hover over links to view the path to make sure it’s what it says it is before clicking
- Avoid downloading unexpected email attachments
- If you suspect a phishing attempt, be sure to contact your IT department, MSP, or the FCC
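For IT staff or an MSP who want to turn the signs above into a first-pass mail triage check, here is an added example (not part of the original article). The phrase lists, function names, and sample message are constructed for illustration, and the result is a set of hints for a human reviewer, not a verdict.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrase lists are assumptions drawn from the signs above; extend them as needed.
GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear user")
URGENT_PHRASES = ("you must act now", "your account will be disabled", "immediately")
SENSITIVE_TERMS = ("password", "credit card", "social security", "banking")
HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

class LinkCollector(HTMLParser):
    """Collect (visible text, real target) for every <a href> in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def link_mismatch(text, href):
    """True when the visible text names one host but the link goes elsewhere."""
    shown = HOST_RE.search(text.lower())  # None for plain text such as "click here"
    actual = (urlparse(href).hostname or "").lower()
    return bool(shown) and actual != shown.group(1) and not actual.endswith("." + shown.group(1))

def phishing_signs(html_body):
    """Return the warning signs found in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body).lower()  # visible text only
    checks = {
        "generic greeting": any(g in text for g in GENERIC_GREETINGS),
        "urgent or threatening language": any(p in text for p in URGENT_PHRASES),
        "mentions private information": any(t in text for t in SENSITIVE_TERMS),
        "link text does not match target": any(link_mismatch(*l) for l in parser.links),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample message (not a real email); the hosts are placeholders.
SAMPLE = ('<p>Dear valued customer,</p><p>You must act now. Confirm your password at '
          '<a href="http://login.example.net/verify">www.mybank.example</a>.</p>')
print(phishing_signs(SAMPLE))
```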
3. Keep your devices up to date
It’s important to keep apps, software, and devices up to date. We’ve all gotten pop-up notifications alerting us that it’s time to update… and we’ve all probably hit “remind me later” once or twice. However, these notifications aren’t meant to interrupt you while you’re working or get in your way; they’re critical to maintaining security. Updates patch newly identified security vulnerabilities, fix bugs, and add new features to your device. Teach your employees to update promptly. If you don’t update your apps and devices in a timely fashion, hackers can use these known vulnerabilities to infiltrate your system. Don’t let that happen. Updates may take up a little bit of your time, but just use it as an excuse to go grab another quick cup of coffee and know that in doing so, you’re ensuring your device is running smoothly and securely.
4. Stay informed
Human error accounts for nearly a quarter of all data breaches [2019 Cost of a Data Breach Report]. While this statistic makes it seem easy to point fingers at employees as being an organization’s weakest link, properly trained employees can also be some of your strongest defenders. Since the cyber threat landscape is always changing, it’s important to provide employee cyber security awareness training that’s frequent and consistent. Implement a culture of cyber security that your entire organization can get behind. Create security policies and ensure each employee knows them inside and out. By taking the time to teach your employees what threats to look out for and how to deal with them, you’re adding another invaluable layer of protection to your business.
5. Don’t be afraid of your IT department (or MSP)
If you see something, say something. Did an employee open an attachment and now their computer is running slowly? Or maybe they accidentally emailed unencrypted financials? No matter the cause, if an employee is suspicious of malware or possibly mishandled private information, they should alert management and your IT department (or managed service provider). Your company should also have an established process for dealing with these mishaps. It’s much easier to deal with a security incident quickly and head-on than to wait for it to spread.
Cyber security is everyone’s job and smart businesses teach their employees how to make smart, security-focused decisions. By reviewing these 5 tips with your employees, you can breathe easier and sleep better at night knowing that your organization is protected.