The pandemic has forced businesses to take a digital turn (by adopting telecommuting and online commerce) that now makes them highly vulnerable to cyberattacks. Here’s how to protect yourself.
Logically, businesses should urgently upgrade their IT network security. Yet, too many executives give up before they even try, no doubt overwhelmed by what seems like an insurmountable task.
In a February 2021 report released by the Canadian Federation of Independent Business, 6 in 10 executives agreed with the following statement:
“I don’t have the time, knowledge or resources to properly protect my business from cyberattacks.”
Yet, it turns out that the “minimum” to protect a business is not unreasonable or extravagant. Cybersecurity consultant Jean-Philippe Racine, president of CyberSwat Group, urges businesses to consider “three essentials” that can greatly reduce the risk of suffering a cyberattack or limit the damage if one does occur:
- Two-step strong authentication;
- Employee training;
- The use of “immutable” backups.
We explain these measures with the help of Emeline Manson, fraud prevention and cybersecurity trainer and founder of EM Développement.
1. Activating two-step authentication
Two-factor authentication refers to the sequence where an application asks us to enter a second authentication code after we enter our username and password. This second code is generated by the application itself; it is then sent to us via text message, email or an authentication code management application.
“This counters almost all automated attacks that look for user/password combinations,” says Jean-Philippe Racine.
To add a layer of security to the process, Emeline Manson advises receiving this code in an authentication code management application rather than by text or email.
2. Educating employees
According to Verizon’s 2021 Data Compromise Investigation Report, 85% of computer breaches today are still attributable to human error, and 35% of breaches result from phishing (the technique in which an employee is prompted to click on a link or attachment that leads to the release of malware).
“Unsolicited links and attachments are the biggest gateway into a company,” warns Emeline Manson. “And phishing can come from anywhere: a text message, a message on a social network or an email.”
In light of these statistics, it’s easy to see how important it is to make employees aware of these types of threats. This is the mandate of Emeline Manson, who offers online training and coaching to businesses and solopreneurs who want to adopt best practices in cybersecurity.
Manson also points out that hackers are becoming increasingly adept at impersonating a supervisor via email to order an employee to make an illegal transfer of funds, known as “president fraud”. Employees therefore need to be extra vigilant for this type of fraud.
3. Use an “immutable” storage solution
An “immutable” storage solution is an application that provides a backup that cannot be deleted by any user. Using this type of backup can be critical to recovery when a company has been infiltrated by ransomware and all of its data is encrypted.
“In a ransomware attack, hackers not only take the data hostage, but they will also try to encrypt the backups,” explains Jean-Philippe Racine. “If you use immutable backups, you speed up the recovery of systems when you are the victim of a computer attack.”
Of course, ensuring a company’s cybersecurity can go much further than these three “essentials,” especially if your business has sensitive data. However, cybersecurity should be viewed as a continuous improvement project. A company takes one step at a time toward a greater level of compliance.