As cyber criminals everywhere pivot their "business models," this doesn't mean an end, and business leaders should all be on high alert. At the beginning of the pandemic in 2020, INTERPOL released a report that found that as more people were working remotely, businesses became contactless, and internet usage rapidly grew. Based on IBM's Cost of Insider Threats Report, the numbers don't lie; SMB lost a massive $2.64 billion from cyberattacks massive $2.64 billion from cyberattacks based on IBM's Cost of Insider Threats Report.
1. Choosing Not to Use Multifactor Authentication Apps (MFA)
Multifactor authentication apps have three vital categories:
1. The password you use to access your account
2. The authenticator app gives you a code that expires in a short amount of time
3. Biometrics, which could be you answering a simple question or doing a scan of your face or fingerprint
The power of harnessing MFA isn't something that can be understated; without it, a hacker can get your password and quickly make their way into a company's device or network.
2. No Cybersecurity Team
If your company doesn't understand how much priority cybersecurity should be when a cyberattack does happen, it will be too late to respond or do anything to fight it. A company is walking on thin ice without proper cybersecurity experts or even an outsourced team. Without the appropriate professionals working for your company, an attack of any size could topple the entire firm.
3. What About a Recovery Plan?
When anyone starts a business, they should develop a thorough and complete business plan that looks at how it works, where revenues will come from, and what will set the company apart from competitors. The same goes for IT disasters; businesses need to plan when an attack happens and what strategies to mitigate any losses.
4. Give Access as Needed
Smaller businesses everywhere typically require employees to wear several hats and take on different roles. Some employees need too many contact lists, market analyses, and other business information. It's important to give access to employees as needed, not to have open access for anyone to check out, keeping any attacks at bay.
5. Little to No Training to Identify Phishing Attacks
Recent studies find that over 91% of all cyberattacks are phishing email campaigns. Hackers lure victims in by sending what can look like a legitimate email from a service they use, but as they plug in their info, they're handing it over to the attacker. Employers who invest in training for employees to spot phishing attacks will be glad that they did whenever a shady email appears.
6. Reusing Old Passwords (Duh!)
What seems like a no-brainer is something we've all done, using old passwords just because it's easy to remember. Employers should mandate that every 30 days, all employees much change their passwords to ensure that there's no chance of cyberattacks. Without changing passwords frequently, a company is putting itself at risk of a hacker quickly entering different accounts and causing mass mayhem.
7. Thinking Your Business is Too Small
Businesses of any size can be victims of cyberattacks, and it's foolish to think otherwise because hackers don't see things that way. The truth is that no business is too tiny, hackers are looking for a victim, and any size is fine.
Just like a pack of wolves picking off caribou, they're looking for which is the most accessible meal ticket. For many attackers, it's a numbers game, looking for the easiest option.
Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the world of tech.