You think your company is too “small” to interest a hacker? Well, that’s not what cybercriminals think! In fact, half of the attacks target small companies.
How can you protect yourself against cyber risks? Here are 6 best practices to apply today in your company!
1. Train employees in computer security
First step in protecting against cyber attacks: training your employees! Most hacks are the result of human error.
Educate your employees on the risks involved. Your team should avoid opening suspicious emails that request confidential information, clicking on a link or opening an attachment from an unknown sender. Give them the steps to follow if they are unsure about a message or document.
Also, make sure that employees’ company phones, laptops and tablets require a password to access private data. An unlocked phone left in a cab becomes a gateway to your sensitive data.
Your employees should change their passwords regularly and avoid using the same one for all systems.
2. Learn how to spot phishing attacks
Phishing is one of the most common attacks. So, if you have any doubts about the legitimacy of an email, contact the sender.
Beware, phishing can also hide behind fake news. So be careful when you visit news sites or click on information on social networks.
When in doubt, analyze the URL or the email address. Often, the messages come from addresses that have nothing to do with the “supposed” sending company. Furthermore, the contents are often full of spelling mistakes or have poor syntax.
3. Limit access to certain data
While you should trust your employees, not everyone should have access to all your data. Limiting access prevents an attack from exposing all your information, especially the most sensitive.
Each department should have its own access limits. For example, the marketing department does not need to have access to Human Resources files.
Hackers are also able to hide malware in seemingly innocuous downloads. So, don’t allow your staff to download games or applications to their computers. Your whole company could get attacked.
4. Choose the right ISP
Your Internet Service Provider (ISP) plays a vital role in securing your data. The most common attacks are denial of service or DDoS attacks. They consist of saturating a site with numerous requests to hinder its operation or even make it inaccessible.
To avoid this, choose a provider that offers secure hosting. Most ISPs offer Layer 3 and Layer 4 DDoS protection to prevent mass volumetric attacks. But smaller attacks can target Layer 7. Consider this before choosing.
For added security, opt for a firewall that can anticipate DDoS attacks.
It is also possible to change DNS servers to improve security and speed of connection to a website.
5. Update security software regularly
The safety of your network depends on how well you maintain it. Antivirus and anti-malware tools are constantly updated to combat the latest attacks.
Pop-up notifications reminding you to update software should not be ignored. Remind your employees.
If you skip these updates, your company becomes vulnerable to attacks.
6. Control physical and remote access to your devices
A single employee may have many devices connected to your network. This is a security concern. To help manage it, set up alerts for new connections on an inactive account or service.
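One way to implement the new-connection alert on an inactive account described above, as an added example that is not from the original article. It assumes login events are available as (timestamp, account, device) records and uses a 30-day inactivity threshold; the sample events, the account and device names and the `find_dormant_logins` function are constructed for illustration.

```python
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=30)  # assumed threshold; tune to your own policy

# Constructed sample login events: (ISO timestamp, account, device).
SAMPLE_EVENTS = [
    ("2024-03-01T02:14:00", "svc-backup", "host-unknown"),  # deliberately out of order
    ("2024-01-03T08:55:00", "alice", "laptop-01"),
    ("2024-01-04T23:30:00", "svc-backup", "nas-01"),
    ("2024-01-20T09:10:00", "alice", "phone-07"),
    ("2024-02-10T09:05:00", "alice", "laptop-01"),
    ("2024-03-15T09:00:00", "alice", "laptop-01"),
]


def find_dormant_logins(events, dormant_after=DORMANT_AFTER):
    """Return alerts for logins that wake an account idle longer than dormant_after."""
    last_seen = {}      # account -> datetime of the previous login
    known_devices = {}  # account -> set of devices seen so far
    alerts = []
    # Sort first: logs merged from several devices rarely arrive in time order.
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for stamp, account, device in ordered:
        when = datetime.fromisoformat(stamp)
        devices = known_devices.setdefault(account, set())
        previous = last_seen.get(account)
        # The first login of an account has no baseline, so it cannot be "dormant".
        if previous is not None and when - previous > dormant_after:
            alerts.append({
                "account": account,
                "time": stamp,
                "idle_days": (when - previous).days,
                "device": device,
                "new_device": device not in devices,  # never used by this account
            })
        devices.add(device)
        last_seen[account] = when
    return alerts


if __name__ == "__main__":
    for alert in find_dormant_logins(SAMPLE_EVENTS):
        print(alert)
```

An alert with `new_device` set deserves attention first, since it combines a dormant account with a device that account has never used.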
You can also require passwords at every login, no matter how brief the session. While it can be tedious for employees to enter passwords frequently, it can help keep prying eyes away.
Cyber attacks are part of the risks your company faces. You can avoid them. Work with your employees to secure your network, adopt the right vendors, protocols and software, use a VPN and don’t forget to update your tools regularly.