It’s Monday morning. You arrive at the office early to get a jump on the week ahead. You log into your computer, take a sip of coffee, and suddenly you have a sinking feeling as you read the message on your screen: “All your files have been encrypted. Pay the ransom within 72 hours or say goodbye to your files forever.”
This is something no business owner ever wants to experience. Maybe you can afford to pay the ransom. Maybe not. Maybe the hacker will send you the decryption key. Maybe not. Maybe you can get by without those files and still stay in business. Maybe not.
What do you do?
Ideally, you’ll never find yourself in this situation because you’ve taken preventative measures. Sounds complicated, right? Yes, cybersecurity is complicated. It can also be overwhelming and expensive. It’s certainly not fun (well, for most people). And while there’s no guaranteed protection from these types of attacks, the good news is, a few simple measures can greatly reduce your risk.
Let’s put things in perspective: protecting your data is a bit like protecting your home. You have no way of knowing if a burglar will ever pay you a visit or how he/she might attempt to get in, so you’ll need to make some decisions. You already have locks on your doors and windows, but you may also choose to install an alarm system, or video cameras, or get a large dog. Maybe you’ll opt for all of the above. The point is, whatever measures you take are better than taking no measures at all.
When it comes to protecting your business’s data, leaving your front door wide open shouldn’t be an option. At least consider taking these seven basic steps to boost your cybersecurity:
1. Be smart about your passwords.
Use unique passwords for all online accounts, and remember that when it comes to passwords, longer is stronger. Passphrases that include upper and lowercase letters, numbers, and symbols work well. Something along the lines of “I’m so glad 2020 is behind us!” is far more secure than “mary88.” Using unique passwords for different accounts is important so that a hacker can’t access all of your accounts if he/she gains access to one of your passwords. I know what you’re thinking: “But remembering all those passwords is way too difficult!” That’s where a password manager comes in. Password managers can securely store your passwords so that you no longer need to memorize them. LastPass is a good option, but there are many others out there as well.
2. Use multi-factor authentication where possible.
Huh? Multi-what?? Multi-factor authentication (MFA) simply means a user will need more than just your username and password to access your account. The most common form of MFA involves entering a 6-digit code that has been texted to your cell phone after you’ve entered your username and password. In this case, a hacker would need your username, password, and cell phone in order to access your account. This is an important layer of security for your most critical accounts, including your financial accounts, password manager, and yes, even your email.
3. Keep your software up to date.
When Windows says it has updates to install, don’t put them off. The same goes for your anti-virus software (more on that later) and the operating systems on your mobile devices. The bad guys continue to find ways to hack into various systems. That’s why software companies are constantly releasing patches to plug the holes that hackers have exploited. Be sure to help them plug those holes!
4. Install anti-virus software.
Microsoft Defender comes standard with Windows 10 at no extra cost. Symantec and McAfee are also good options. Choose your software, install it on every computer in your office, and keep it updated. This may be your last line of defense.
5. Never share credentials.
Assign unique accounts (email, practice management software, etc.) to all employees, limit their permissions, and NEVER share your passwords with them. If an employee leaves, disable his or her account immediately. A disgruntled employee with access to your accounts can do a great deal of damage.
6. Lock your screen.
Getting up to grab a cup of coffee? Press the Windows Key and L on your keyboard before you get up. It only takes a fraction second. Never leave your computer unlocked. Remember that disgruntled employee we just mentioned? Don’t take a chance—just lock the computer and re-enter your password when you return. Again, it only takes a second.
7. Educate your employees.
Countless ransomware (and other cyber) attacks begin with a simple phishing email. This is an email that appears to come from a reputable source, maybe your bank, a vendor, or even an employee. These emails typically contain malicious attachments or links, or in some cases, they simply aim to start a dialogue with you in the hopes of tricking you into giving up information (account credentials, social security number, etc.). Learn about phishing and educate your team. Talk about it often. Sure, your employees will probably get tired of hearing about it, but they also might think twice before clicking on a link that promises a $100 gift card.
There are many more steps that you can take to protect yourself and your business from cyberattacks (data backups, secure Wi-Fi, firewalls, etc.). And although no one is ever completely safe from cyber threats, every step listed above will bolster your security and reduce your chances of becoming a victim. You don’t need to have Fort Knox-level security—just don’t leave your front door wide open.