Staying Cyber Safe and Secure

There are new headlines weekly about cybersecurity incidents like ransomware attacks. Large companies, government agencies, universities, school districts, and small companies are all common victims. Staying up-to-date on the latest cybersecurity attacks would likely take too much time away from your business; however, there are some general guidelines you can follow and train your employees to follow to keep your computer systems safe.

Watch out for phishing email scams. Phishing is when a cyber criminal sends an email that appears to be from a reputable source, but isn’t. Users then click on a link or photo that triggers installation of a virus, or they are tricked into sharing personal information. Some of the most common phishing email subject lines are:

• Immediate password check required

• Billing information is out of date

• Payroll is delayed

• Updated vacation policy

• Confidential information enclosed

• Your meeting attendees are waiting

• Documents/photos are shared with you

The email subject lines look legitimate, but there is usually something that seems a little “off” about them. Train your employees to look at the source email - does it come from someone they personally know in the company? If there’s any question, don’t click on any links or photos in the email, and do an Internet search on the subject line or contents. Many common phishing scams are shared online. Best practice is to look at the email source, particularly paying attention to what’s after the @. If you are unsure if it’s legit, you can Google the email address and see if that organization comes up and what the url is. (This is why it’s also important for your business to have an email address using your url and not @gmail or other extensions.

Update your computers. When a new vulnerability is exploited in an operating system like Windows, the developers of the system work quickly to create updates or patches to secure end users’ computers against the vulnerability. Check your computers for updates on a regular basis and don’t ignore prompts to update. If you are using software that is now available online, switching to the online version is the safest way to go.

Have a strong password policy. Use two-factor authentication when possible and employ a password-safe keeper for your business like Last Pass. Do not use the same password for different logins. Each unique system you have to login to, should have its own password. If you use software that you share a login for within your business, consider extending your license so that each user has their own login.

Make cybersecurity a part of the company employee manual and the onboarding process. It’s important to set the tone with new employees and ensure everyone is on the same page with cybersecurity. You can use our company security policy template as a way to get started and include it in your employee manual.

Our partners at the Virginia SBDC Cybersecurity program offer free one-on-one cybersecurity counseling, along with regular webinars on various cybersecurity topics. Reach out to them directly or through your local Advisor for advice on specific security concerns. We also offer a free year subscription to Posture to help you assess and build a cyber safe plan. Learn more at the button below.