Protecting your business from cyber attacks

Cyber-attacks have become a frequent topic among companies because they have turned into a regular occurrence. The most devastating cyber-attack happened in 2016, when it was reported that over a billion Yahoo email accounts had been hacked. To make matters worse, the hackers went online to sell the passwords to these accounts (over a billion!) and started pointing out the vulnerabilities of the company. However, this is not an isolated incident, even though it is probably the most massive one in recent history (if we don’t count Bitcoin heists).

Email accounts tend to be the weak link in companies' security policies, and at the same time, they are a treasure trove of essential information. Almost all of the critical data about a business transaction is exchanged and stored in email accounts. That is why we prepared a short analysis that can give you a few ideas about protecting your company from cyber-attacks.

Implement a cyber-security plan

The first step towards virtual protection is drafting a cyber-security plan. For a more detailed approach, you can also prepare a SWOT analysis of your current cyber defence, to identify the risks and the strong points. Once you have a clear picture of your weaknesses, you should start contemplating possible solutions.

The cyber-security plan should consist of multiple sections, with the emphasis on ensuring a secure email service, secure website passwords, payment information and third-party logins. If you think you need extra help in drafting this plan, you can take pointers from an incredibly useful tool called the Small Biz Cyber Planner 2.0, developed by the Federal Communications Commission.

Use email encryption

Email encryption is another possible solution you can consider for upping your security game. It protects personal information from hackers by allowing only specific, authorised users to read your emails. Since email encryption has been evolving in the past couple of years, today you have more than one option and protection level to choose from.

You can purchase auxiliary software, which would be integrated into your email account and create an additional layer of protection. The other option is to install an email encryption tool such as PGP (Pretty Good Privacy), which would provide each member of your team with a public and a private key. They could share the public key with virtually anyone who wants to send them an email, but that email can be read only with the private key, known only to the employee.

The simplest option would be to use a third-party encrypted email service, but only if you can trust their security measures.

Ensure password security

Password security is the most important part of your cyber-security plan because passwords are how access is gained. Each person on your team should have a professional email account with a personal password, and you should consider adding a provision in your company’s security policy about changing passwords every two to three months. Each password should contain at least 12 characters, made up of a combination of letters, numbers and symbols. Furthermore, as an extra security measure, you can require multifactor authentication each time a password is changed.

You should warn your employees to steer clear of obvious or easy passwords (like 12345 or the company’s name) and to avoid using one password for multiple sites. To make it easier on them, you can sign them up for a security tool, like LastPass, Password Genie or others, that saves passwords, PINs and other sensitive information. Furthermore, you can even sign up for a watchdog list like Breach Alarm, which will notify you if your email address shows up on a suspicious site.
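The password rules above can be enforced automatically when a password is set. The following is an added example, not part of the original article; the function names, the deny-list and the company name "Acme Widgets" are constructed for illustration. It checks length, character mix, obvious passwords and the company name, including spellings disguised with common character substitutions.

```python
import re
import string

# Constructed deny-list of obvious passwords (assumption: a real
# deployment would load a much larger list from a file).
OBVIOUS = {"12345", "password", "qwerty", "letmein"}

# Undo common substitutions so "Acm3" is compared as "acme".
LEET = str.maketrans("0134578@$!", "oieastbasi")


def normalise(text):
    """Lower-case, undo substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def check_password(password, company_name, min_length=12):
    """Return a list of policy violations; an empty list means a pass."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    lowered = password.lower()
    if any(word in lowered for word in OBVIOUS):
        problems.append("contains an obvious password")
    company = normalise(company_name)
    if company and company in normalise(password):
        problems.append("contains the company name")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, checked for a hypothetical company.
    for candidate in ("12345", "Acm3-W1dgets!2024", "plum-Tractor7-venus"):
        print(candidate, "->", check_password(candidate, "Acme Widgets") or "OK")
```

Reuse of one password across several sites cannot be detected this way, which is where the password manager mentioned above helps.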

Develop an email retention policy

The email retention policy comes down to purging the inbox of emails that don’t comply with the business effort. Most companies have automated archiving in place, which takes care of the clutter in the inbox. Once the standard is set, you might need to remind your employees to delete the emails that don’t comply with the company’s retention policy.

Train employees

To successfully implement any of these security measures, your team needs to be informed and educated on the subject of cyber-security. They need to be aware of the actions you’re taking to ensure safety and the way these processes will affect their workflow and methods of working. Furthermore, they need to know how to make appropriate use of all the tools you have put at their disposal. As the company’s manager, you can hold a seminar or send out a circular email explaining what risky email behaviour is and what type of emails they should avoid.

Employees should be trained to recognise spam when they see it, and they should also refrain from opening suspicious attachments, forwarding emails outside the company or using the professional email address for personal purposes.

Set standards for mobile device usage

If your employees use mobile devices to read and respond to professional emails, those devices should be adequately protected from hacker attacks (via shared WiFi networks). This means that the company needs to issue a set of standards for mobile device usage. There are a few options you can choose from, like using encryption in combination with an approved mobile security app. Moreover, you should let your team know that they have to keep the mobile device password-protected at all times.

Avoid common pitfalls

In our short analysis of the cyber-security subject, we mentioned some of the fundamental solutions businesses use to avoid virtual attacks and damages. However, the discussion of new security solutions and new attacks is just beginning, and it’s still early for predictions. What we know so far is that cyber-attacks are getting more frequent and more successful, so taking a few extra measures might be a prudent move if you want to protect your B2B communication.

Sometimes a hack can occur when an employee is not looking, so make sure you tell your team to always lock their computers before they leave. Computers should not be left unattended in any scenario. Engaging with your team and teaching them how to build a secure information environment can save your company from potential cyber-attacks down the line.