One way to secure supply chains from a chain reaction of cyberattacks is by utilizing IBM Security...
5 Steps to Prevent Cybercrime in your Business and Home
Operating a business demands persistence and sometimes a bold move. Each day presents fresh obstacles, cybercrime and at times the stress and unpredictability can become overwhelming. During those moments, it’s important to recall the reason behind taking the leap – the fulfillment of bringing your aspirations to life – and to keep pushing forward.
When you invest that level of dedication into your business, it can almost become a second home. And just as you safeguard your actual home with a secure security system and sturdy locks, it is essential to update cybersecurity for your business as well. Unfortunately, 43% of cyberattacks are now aimed at small businesses, and a disheartening 60% of those businesses will shut down permanently within half a year of the attack. These are staggering figures, which is why we’ve decided to include Microsoft Defender for Business with every subscription to Microsoft 365 Business Premium – because every business deserves access to enterprise-level comprehensive security.
It’s always our ambition to make technology an equalizer, to enable a small business to compete with a larger business with the power of technology and close that gap.
—
As part of Cybersecurity Awareness Month, Brad Smith, President of Microsoft, had an intimate fireside chat with Isabella Casillas Guzman, Administrator of the United States Small Business Administration (SBA), at the first-ever Small Business Cyber Summit in October 2022. The two leaders discussed ways in which small and medium-sized businesses (SMBs) can enhance their cybersecurity defenses with limited resources. With that objective in mind, I’d like to extend an invitation for a complimentary security evaluation consultation to assess where your business could potentially improve its protection. Furthermore, this blog post outlines five simple steps that any business can take to guard against cyberattacks – starting right now.
1. Monitor everything around the clock
During his conversation with Administrator Guzman, Brad Smith emphasized the advantage of transitioning to cloud-based security in terms of reducing worries about protection. “If everyone is trying to run their software on their own hardware within their own premises, it means you have to take care of all the hardware maintenance yourself,” Brad Smith explained. “However, if you move to the cloud, that becomes our responsibility.”
Microsoft Cloud currently monitors and analyzes 43 trillion threat signals on a daily basis. This includes tracking 35 families of ransomware and more than 250 distinct nation-states, cybercriminals, and other potential threat actors. The extensive scope and depth of protection offered by Microsoft 365 Business Premium provide enterprise-level security against viruses, spam, hazardous attachments, dubious links, and phishing attacks. You’ll also receive ongoing protection against ransomware and malware attacks on all your devices, as well as built-in antivirus and endpoint detection and response features. This way, you can concentrate on growing your business instead of constantly battling cyber threats.
2. Update the locks
Just like a neighborhood break-in can prompt us to upgrade our locks or install security lights, protecting your business from cyberattacks begins with a simple step – updating your current systems. Microsoft and other tech companies release updates on Patch Tuesday (the second Tuesday of each month starting at 10:00 AM PT), or whenever any vulnerabilities are detected. “These updates are available free of charge,” Brad Smith emphasized. “But it’s crucial to ensure that your computers are set up to automatically download these updates. That’s one of the most essential things that people can do to secure their systems.”
Additionally, ensure that your business has an updated IT inventory. With the shift towards remote and hybrid work, the practice of using personal devices (also known as “BYOD”) has become widespread. The use of multiple devices, particularly from personal networks, increases the attack surface and the number of potential vulnerabilities. Microsoft 365 Business Premium comes with built-in threat and vulnerability management in Defender for Business, enabling you to secure various devices using a single tool.
Businesses can enhance their protection by regularly backing up their data. In 2021, ransomware attacks increased by 300 percent. The prevalence of ransomware as a service (RaaS) demonstrates that malicious actors are now operating in a more commercial manner. However, attacks on your business data can be prevented by making frequent backups of your crucial files. Automating your backups using a set schedule can help your business optimize its resources and avoid potential human errors.
3. Hide your keys well
Most of us keep a spare house key hidden under a rock or potted plant, but everyone knows better than to put the key under the mat. It’s the same way with passwords: if it’s easy, someone will find it. “It shouldn’t be ABC123,” as Administrator Guzman summed it up. But a recent survey found that among the most common passwords still in use, “password” and “Qwerty” are at the top of the list. In every cybercriminal’s toolkit, today is a kind of brute force attack known as password spray. Simply put, an attacker acquires a list of accounts and runs through a long list of common passwords attempting to get a match. Since cybercrime most businesses have a naming standard for employees (for example, firstname.lastname@company.com), adversaries can often get halfway in your door just by using the information found on your website.
Securing your business from cybercrime can be simplified by using features like built-in password generators, biometrics or physical security keys, and multifactor authentication. Browsers like Microsoft Edge have password generators that will create strong passwords and remember them for you. Alternative options like Windows Hello and FIDO2 security keys eliminate the need for passwords entirely. If you choose to keep passwords, multifactor authentication is the best way to ensure secure access. This method requires users to verify their identity through an additional factor such as an OTP sent via email or text message, personal security questions, face recognition, or voice recognition.
4. Don’t open the door to just anyone to avoid cybercrime
Just like it’s not wise to open your front door without knowing who is on the other side, it’s crucial for businesses to stay informed about the latest phishing scams, cybercrime and social engineering tactics used by cybercriminals to gain access. In 2022, the most frequent types of cyberattacks are still malware (22%) and phishing (20%). The majority of cyberattacks now involve human involvement, with 85% of breaches resulting from human error. Nonetheless, most phishing emails can be easily recognized due to common “hooks” that can be learned, such as:
- Request for user credentials or payment information: Avoid clicking on a suspicious link. Instead, manually enter the company’s website address into your browser to access your account directly.
- An unfamiliar tone or greeting: Phishing emails are often sent from abroad, so be aware of any odd or inconsistent syntax or tone, including language that is too formal or too informal, or a mixture of both.
- Grammar and spelling: Authentic companies take the time to edit their emails before distributing them.
- Inconsistent email address or “lookalike” domain name: A common tactic of phishing emails is to slightly alter the email address or domain, making it different from the legitimate one (e.g. using “microsotf.com” instead of “microsoft.com”).
- Threats or a sense of urgency: Scammers may try to prompt you to click the link by using alarmist headlines like “Update your account information immediately or risk losing access.” If you’re uncertain, it’s best to directly enter the URL into your browser instead.
- Unrequested attachments: If an email from an unexpected sender comes with an attachment, it is best to verify its authenticity by opening a new email and asking the sender, instead of clicking the attachment right away.
If you come across a phishing email, it’s important to report it. In Microsoft Outlook for business, simply select the suspicious message, click on “Report” from the top ribbon, and select “Phishing.” This will remove the message from your inbox and assist in blocking similar emails in the future. Microsoft Defender for Office 365 Plan 1 provides protection against advanced phishing, malware, spam, cybercrime, and business email compromise, and comes with pre-configured policies for quick and easy set-up, including a simple wizard-based onboarding process for your Windows devices, servers, and apps.
5. Stay informed about how to prevent break-ins in cybercrime
Neighborhood watch organizations and local police usually collaborate to inform residents about break-ins and how they may better protect their houses. There are cybersecurity resources available to you regardless of the size of your company. The SBA provides best practices for averting cyberattack, such as a cybersecurity planning tool and continuing online and local cybersecurity events. Cybersecurity training for cybercrime shouldn’t be viewed as a one-and-done exercise, even if you are the sole employee. Threat actors are always acquiring new knowledge and honing their craft, and so should we.
The Microsoft Small Business Resource Center and Microsoft’s virtual security training for SMBs assist SMBs in providing themselves with the information necessary to stop phishing attempts, secure remote devices, and guard against identity theft including cybercrime. Their SMB security training also includes how to collaborate more securely with coworkers while staying safe while working on-site and from home. At the end of the day, “[cybersecurity] becomes a little bit like a seatbelt: we know it saves lives, but you do have to put it on,” Brad Smith said during his conversation with Administrator Guzman.
Microsoft is here for you
In a few words, Microsoft has your back to summarize the main message of Brad Smith’s speech for SMBs. We’re all in this together because small businesses account for more than 99% of the American economy. Take advantage of Microsoft’s free security consultation, which offers data-driven, actionable insights into the security flaws in your environment.
Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.
For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com