Unless you’re particularly tech-savvy, taking care of cybersecurity for your business might be a daunting task. But in truth, it doesn’t take a lot to put some basic precautions in place. Here are four common cybersecurity pitfalls that you can protect your company from using simple tools and a bit of common sense.
When setting passwords for company accounts, businesses often go with their first association, such as the headquarters address or the CEO’s dog’s name (that actually happened at my former workplace). Passwords like these are familiar and easy to remember for everyone within the organization. The problem is: they’re also very easy to crack.
If you don’t want your passwords to fall prey to hackers, there are some easy steps you can take. First of all, password generators are a life-saver when it comes to protecting your accounts with strong passwords. Using one of these tools, you can generate a high-security unique password of chosen length (the longer the better, though). Always make sure to set a different password for each account – this will protect you in case one of them gets compromised.
A string of random numbers and characters is hard to crack but also impossible to remember. Password managers like 1Password, KeePass and LastPass will let you access all your passwords with one master key and can be used for the entire organization with a multi-user account. To pick a secure master key, run your ideas through this tool to see if they’ve ever been exposed in a data breach before. If yes, it’s better to steer clear of them.
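An added example (not part of the original article) of how a breach check can work without revealing the password itself: only the first five characters of its SHA-1 hash are handed to the lookup, and the match is done locally, which is the range-query scheme the Pwned Passwords service uses. The lookup function, breach data and candidate keys below are constructed stand-ins so the code runs offline.

```python
import hashlib

# Constructed sample data: passwords "seen in breaches" and how often.
BREACHED = {"Rex2019": 1204, "12MainStreet": 37, "password": 9545824}
SENT_TO_SERVICE = []  # records exactly what would leave this machine


def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_lookup(prefix: str) -> str:
    """Stand-in for the remote service: given the first 5 hex characters of a
    SHA-1 hash, return every known hash suffix under that prefix as
    'SUFFIX:COUNT' lines."""
    SENT_TO_SERVICE.append(prefix)
    lines = []
    for known, count in BREACHED.items():
        digest = sha1_upper(known)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, lookup=fake_range_lookup) -> int:
    """Return how often the password appears in the breach data.
    Only the 5-character prefix is passed to `lookup`; the comparison
    against the full hash happens locally."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix:
            return int(count)
    return 0


def vet_master_keys(candidates):
    """Keep only the candidates that never appeared in the breach data."""
    return [c for c in candidates if breach_count(c) == 0]


if __name__ == "__main__":
    ideas = ["Rex2019", "12MainStreet", "plum-Orbit-vessel-91-kite"]
    print("safe to consider:", vet_master_keys(ideas))
    print("sent to service:", SENT_TO_SERVICE)
```

A candidate that passes this check is only known not to be in the breach data; it still needs to be long and unique.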
As internet privacy concerns have been rising in recent years, VPNs have become an incredibly popular tool for people to protect themselves against internet surveillance. A VPN, or Virtual Private Network, allows you to encrypt your internet traffic and hide your browsing activity from prying eyes, such as the Internet Service Provider (ISP) or advertisers.
While a VPN is great in principle, its popularity has led to a flood of fake or malicious VPN services, tempting users with no fees. According to research by Top10VPN, out of the 150 most popular free VPN apps for Android, 18 percent tested positive for viruses and malware. And that’s not the only problem. More than half of the apps had intrusive permissions, such as recording via the microphone without users’ knowledge or accessing their contact list. And a quarter of the apps suffered from DNS leaks exposing users’ browsing history to their ISP, which defeats the point of using a VPN entirely.
If your business is using a free VPN, it’s high time to get rid of it and look for a trustworthy VPN provider with a no-log policy. Make sure to do your research and carefully read terms and conditions before you commit. Watch out especially for what types of permissions the provider requests and whether they keep your data logs (they shouldn’t).
Bad cybersecurity hygiene
The best way to protect your company from dangerous freeware is to educate the team on how to distinguish verified free software that can be useful for day-to-day operations (such as Skype or Dropbox) from a hacker’s bait.
Freeware, or free software, is great as long as it’s actually free. Free from a subscription cost, and free from malware. A common risk is free software containing malware that can take control of your computer or even lock up important files for a ransom.
First, never download anything without doing thorough research on whether the software can be trusted and what the trade-off is for using it free (you’ll often find that the price is your data). Second, keep security programs up-to-date – make sure both your operating system and web browser are updated to the latest version.
Suspicious and phishing emails
Email attachments can contain all kinds of malware that you’ll unknowingly download on your computer. Most people are careful enough not to open attachments or click links in unsolicited emails, but that’s not the only risk.
Cybercriminals can hack your friend’s or coworker’s email account and send dangerous malware to their entire contact list. If you ever find suspicious attachments in your inbox, even from a reliable source, it’s best to check with the sender if the email actually came from them. If not, they should immediately change their password and notify everyone in their network of the security threat.
Another common email scam is phishing. Hackers may hack into a person’s email to disseminate malware or ask for account credentials. Otherwise, they might set up fake email addresses that resemble an authority from a reputable domain in order to trick you into downloading an attachment or giving up your sensitive information. In this case, it’s important to remember that a legit company would never request your personal information via email nor would they send you an unsolicited attachment.
When in doubt, take a closer look at the email address (if the domain turns out to be paypal14.com instead of paypal.com, you know you’re dealing with fraud) or contact the person or company who allegedly sent the message to verify it.
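The "closer look at the email address" can also be automated. The following is an added example, not part of the original article: it pulls the domain out of a From: header and compares it with a list of domains the company really deals with. The trusted list, the sample headers and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation keeps its own list of domains it really deals with.
TRUSTED = ("paypal.com", "dropbox.com")
# Digits commonly swapped in for letters in lookalike names.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED):
    """Return (verdict, trusted domain the sender relates to, or None)."""
    _, addr = parseaddr(from_header)  # the display name is ignored on purpose
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("unparseable", None)
    for t in trusted:  # the exact domain or a genuine subdomain of it
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    labels = domain.split(".")
    # Naive main label: second from the right (ignores suffixes like co.uk).
    main = labels[-2] if len(labels) > 1 else labels[0]
    for t in trusted:
        brand = t.split(".")[0]
        if any(brand in label for label in labels):  # e.g. paypal14.com
            return ("lookalike", t)
        if edit_distance(main.translate(FOLD), brand) <= 1:  # e.g. paypa1.com
            return ("lookalike", t)
    return ("unknown", None)


# Constructed sample From: headers.
SAMPLES = [
    "PayPal Support <service@paypal14.com>",
    "PayPal <no-reply@mail.paypal.com>",
    "billing@paypa1.com",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```

An "unknown" verdict only means the domain resembles nothing on the list; it says nothing about whether the sender is safe.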