THAT YOU NEED TO IMPLEMENT NOW!
Today we begin with a cautionary tale of one of our clients. Two weeks ago, they woke up to find that they no longer had access to their email account, Facebook and Instagram accounts, and their related ad accounts. They were hacked. The hackers deleted their Facebook ads, removed the account admins, and even tried to run ads, but fortunately Facebook had stopped them due to suspicious activity.
Thankfully they recovered access to most of their accounts, and the damage was minimal. But they did lose all of their Facebook Business page’s history and ads. This meant they had to start all their campaigns from scratch with no warm leads. No money was taken directly from the company, but indirectly they lost all the time and investment that went into building those campaigns.
Although it would seem more logical for hackers to target the big boys, as there will be bigger rewards, statistics show that most attacks (7 out of 10) are aimed at SMBs. If you think about it, it makes sense. The primary goals for hackers are to steal money and to create chaos. SMBs don’t have the budget or manpower for major cyber security systems, so they are easy targets that give hackers an instant reward for very little effort.
The two largest causes of hacking are flaws in software and flaws in human behaviour. We are all guilty of using ‘123456’ at some point in our lives, don’t lie to me! According to NordPass, ‘123456’ was used over one hundred million times in 2021. Don’t be embarrassed. At least you weren’t the President of the USA and using ‘maga2020!’ for your precious Twitter account.
Now you may ask, ‘What measures can you put in place to prevent such security breaches?’ We’ve compiled this list that we urge you to put into practice TODAY!
1. Use Two-Factor (or Multi-Factor) Authentication!
If you don’t have multi-factor authentication set up on all your major accounts, please stop reading and go set it up now. I’ll wait…
Arguably it is the single most important measure you can take to prevent hacking. Microsoft reported that 99.9% of Microsoft Enterprise hacks occurred on accounts without it.
Two-factor authentication requires you to use a secondary piece of information to access an account. Often the code is generated by an app or sent via SMS. Even if your password is ‘123456’, an attacker is unlikely to get access if they don’t have your phone.
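To show why a stolen password alone is not enough, here is an added example (not part of the original article) of how an authenticator app and a server derive the same time-based code (TOTP, RFC 6238) from a secret stored on the phone. The function names and the login check are illustrative assumptions, and the secret is the RFC's published test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: RFC 6238 test key "12345678901234567890" in base32.
# In real use this secret is created at enrolment and lives only on the
# server and inside the authenticator app on the user's phone.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30  # each code is valid for one 30-second time step


def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """Return the code an authenticator app would display at unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_login(password_ok: bool, submitted_code: str,
                 secret_b32: str, unix_time: int, window: int = 1) -> bool:
    """Hypothetical server-side check: password AND a current code."""
    if not password_ok:
        return False
    # Accept the neighbouring time steps to tolerate clock drift.
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted_code):
            return True
    return False


if __name__ == "__main__":
    now = 59  # fixed timestamp so the output is reproducible
    print("code on the phone:", totp(SAMPLE_SECRET, now))
    # Correct password, but a guessed code: rejected.
    print("guessed code accepted?", verify_login(True, "123456", SAMPLE_SECRET, now))
    # Correct password, but a code captured earlier and used later: rejected.
    print("stale code accepted?", verify_login(True, "287082", SAMPLE_SECRET, 150))
```
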
2. Strong Passwords and Password Managers
Now, I know I said that two-factor authentication is the bee’s knees, and it is. But, some sophisticated hackers can get around it. Imagine, if they can get around the extra device issue, they can certainly hack ‘Password1234’, especially if you use it for all your accounts. Have a browse through NordPass’s ‘Top 200 Most Common Passwords’ of 2021 and see if your password won the weakest link prize.
Most people use the same password they ingeniously came up with 20 years ago, and 65% of people use one password for all of their accounts (No judgment, we have all been guilty of this).
I know the idea of creating a unique and strong password for all of your accounts sounds completely undoable, and that’s why using a password manager could be your saviour. There are many options, but the most popular one is LastPass.
3. Teamwork Is Key
Your cybersecurity requires a team effort at all levels of your business. You can do all of the above, but it’s a waste of time if your team isn’t doing it too. Cyber security should be a key focus point for the business, and any change to operational aspects should be assessed from a cyber security perspective and covered by a risk management plan.
Educating your employees about the risks and giving them the best practices will help mitigate the human element of security breaches. Ensure that they understand that a breach can cause irreversible damage to the business and put all your customers’ personal and financial data at risk. Best practices should include:
- Never share personal information over email; obtain it over the phone or face-to-face instead.
- Never open email attachments or click on links that don’t pertain to company matters.
- Hold regular cyber security workshops to keep staff up to date.
You or your staff would never leave the office door unlocked, so neither should you leave the ‘doors’ of your online operations unlocked.
4. Accept The Update Notifications!
All of your technology, such as operating systems, smartwatches, social media accounts, and other system applications, has security flaws. Thankfully developers are constantly working to find bugs and are fixing them, but if you don’t allow the updates, you are opening yourself up to be attacked. Go through your phone, your PC, and your apps, download the new updates, and then ensure that ‘update automatically’ is selected.
While on updates, it would be wise to ensure your antivirus or anti-malware software (if you don’t have any, you should) is updated. If you have a MacBook, as long as your system is up to date, you’ll be sweet.
5. Think Before You Click
Being able to identify scams or phishing attacks can greatly reduce your chances of a breach. Hackers know that humans are easily fooled and use psychological tactics to get you to click on a message or attachment. For example, one common spam email going around claims you have infringed on someone’s copyright. One small click can lead to a malware infection on your computer or your entire network. Your best defense is to simply think before you click.
There is no foolproof way to prevent hacking and security breaches, but if you implement the above steps, you will ensure that you’ve given your business a fighting chance. If you need any help or have any questions about cyber security, let us know, and we can work with you to come up with a solution.