The old adage in IT is ‘the bad guys only have to be right once – while we have to be right 100% of the time’.
Never were those words more true. We share ‘on the daily’ about how businesses are being bombarded by bad actors. The news is so prolific that it becomes numbing. Of course, this leads to complacency and to our guards being let down. This is so not the time to let your guard down!
Hackers are coming HARD for small and medium-sized businesses because it is so incredibly lucrative for them to do so. They have found that if they can get in with just one little mistake – then they have a nice ‘cash cow’ on their hands.
Many of the ways into your network are opened by little, easy-to-fix mistakes. Here are ways you can shore up your security and make it harder for hackers to get in.
1. Make your passwords complicated – and don’t use them over and over again for multiple accounts. If hackers get one of your passwords – 9 times out of 10 – they will try other accounts with that password to see if they can get in. If a personal account is compromised (or several) – make sure to change all of your work passwords too.
2. Enable 2-factor or multi-factor authentication on any online account you can. There are many free authenticators out there to use (or even just use SMS text) to further secure your accounts. If you don’t think hackers will care to get into your Netflix or Spotify account – you are wrong. Those are great places to harvest data – including the passwords from #1 above.
3. Be leery of emails. Hackers are good – they know everyone gets packages (most likely from Amazon) – if you didn’t order a package – don’t click the ‘delivery late’ link. Trust us on this. Check the reply-to address on those emails – hover over links to see where they go – if you happen to click on a link and it takes you to a page that asks you to ‘log in’ – get out fast. And whatever you do – do not click on that ‘Excel or PDF’ doc link or download unless you were expecting it and you know the sender. Even the best antispam filter will let a ‘legitimate’ email through. If you are unsure – contact the sender directly; preferably by phone – just in case they were compromised. Better to be safe than sorry.
4. Watch out for spoof calls. The hackers have gotten good at changing the ‘caller ID’ to look like legitimate companies you do business with. Yesterday, I got a call from ‘Amazon’ saying that they could not deliver a package because they could not find my business address. I ALMOST called back – but the fact that they didn’t mention my business name in the message had me go to Amazon to check if I had packages coming (I didn’t). Even those of us who do IT for a living can be fooled by a good hack (which leads to #5 & #6).
5. Get your business some good tools to combat the hacks before they ever make it to you! Have a good antivirus and antispam (at the minimum). Good monitoring tools, best-practice backups, and endpoint detection and response along with a managed threat response are even better. And to really keep you protected – the gold standard is Zero Trust.
6. Train your staff to be on the lookout. Train them to be defenders of your network from the inside. The best defense against intruders is from the inside. Don’t open the door and let them in.
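The reply-to and link checks from tip 3 can also be run by a script. The following is an added example, not part of the original post: it uses only Python's standard library, the function and class names are hypothetical, and the sample message is constructed with placeholder `.example` domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "Amazon Delivery" <shipping@amazon.example>
Reply-To: support@parcel-help.example
Content-Type: text/html; charset="utf-8"

<a href="http://login.parcel-help.example/track">www.amazon.example/track</a>
<a href="https://www.amazon.example/orders">Your orders</a>
"""

def domain(value):
    """Lower-cased domain of an email address or host name, without 'www.'."""
    return value.rsplit("@", 1)[-1].lower().strip().removeprefix("www.")

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review(raw):
    """Return warnings for the two checks in tip 3: reply-to and link target."""
    msg, warnings = message_from_string(raw), []
    sender = domain(parseaddr(msg.get("From", ""))[1])
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and domain(reply) != sender:
        warnings.append(f"reply-to {domain(reply)} differs from sender {sender}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        # Only compare when the visible text itself looks like a host name.
        shown = re.match(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        if shown and domain(shown.group(1)) != domain(urlparse(href).hostname or ""):
            warnings.append(f"link shows {shown.group(1)} but goes to {href}")
    return warnings
```

The host comparison is exact, so a legitimate link to a different subdomain of the same company is also flagged; treat the output as a prompt to look closer, not a verdict.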
It’s time to make it hard for the hackers. Don’t be an easy target – let them move on to easier prey. Contact us today to help you secure your business.