Five Cybersecurity Best Practices for Small Businesses

Whether you and your employees are on-site or working remotely, your company needs a strong security awareness program. No matter how loyal, savvy, and hardworking your crew is, the business you’ve spent years building up will be exponentially safer when your staff gets cybersecurity training. These are just five of the many topics Alterity’s cybersecurity courses cover.

1. Protect your company and your employees’ identities

Some attempts to weasel sensitive information out of you and your employees are obvious. But cybercriminals are working overtime and getting stealthier as they look for subtle, believable ways to con you and your workers.

We all know passwords are important—no birthdates, pet names, or 123456. Your best bet is a long, strange passphrase that’s unique to each system or device you log in to. Think “peanutbutterhickeysgrassispurple.” Nobody’s going to guess that one or find it with a dictionary-based password-cracking program.

As we explain in our online security awareness training, multifactor authentication (MFA) is essential. This means the user’s identity is verified by two or more factors, such as a combination of a code generated by a smartphone app, a physical device like a badge, answers to personal security questions, or something unique to a person, such as fingerprints, facial recognition, or retina scanning. Combine weird passphrases with MFA and your company is much safer.

2. Mind your personal safety

Too often, people forget that their “friends” on social media might not be their bosom buddies. That person whose friend request you accepted because her name sounded familiar and you think you might have gone to elementary school together could actually be a cyber villain. So be careful what you post. First, there’s your reputation. Something that seems funny after you’ve had a couple of drinks could get shared among your friends—and beyond—and embarrass you, jeopardize your relationships, and even get you fired. Don’t post anything you’re uncomfortable letting the whole world see, because it just might.

Also, don’t be too up-front about your whereabouts. If your whole family is vacationing in Hawaii, do you want everybody to know your home in Massachusetts is sitting empty and undefended? Same for out-of-office replies. Don’t go into a lot of detail about how far you are from the office. If you’re dying to show off your attempts to learn to surf, post a few pictures when you’re safely home.

3. Watch out for phishers and other scammers

Your company needs a phishing awareness program to ensure your staff is educated about sophisticated efforts to get their sensitive information. Phishing is the attempt to get goodies like usernames, passwords, bank account information, and Social Security numbers through fraudulent emails, texts, and phone calls. Did you get an email that says your password must be reset for your bank account? Don’t click the link in the email! Instead, open a new browser window and go directly to the bank’s official site, or call them and ask if they sent the password reset email. Don’t believe that email that allegedly came from an acquaintance who’s stranded in Scotland after losing her baggage.

Proper cybersecurity training will protect you and your employees from falling for scams.

4. Be careful with mobile devices

Mobile tools like laptops and cell phones are wonderful for doing work outside the office, in a park or café. But just because the person at the next table smiled at you doesn’t make him your ally. Don’t expect him to watch your phone charging all by its lonesome while you zip off to the restroom. Phones are easy to pocket in seconds. Be sure there’s a password on that phone or, better yet, that it requires your fingerprint to open.

And public Wi-Fi? Risky. It’s safer to use your own data plan when you’re in public.

5. See something? Say something

Empower all your employees to speak up when they think something is wrong. Cyberattacks can be quick and devastating. Your company needs to get on top of any security breach as soon as possible. Make sure all your employees understand protocols for reporting suspicious cyber issues.

Alterity’s Cybersecurity Training

Whether you and your employees are looking for cybersecurity classes online or you need help with government technology training, Alterity can help. Sample our cybersecurity course offerings on our On-Demand Learning Portal today!

Live Informed, Not in Fear of Cyber Threats

cyber theat

There is no shortage of scary and fearful things going on in the world – a global pandemic, riots, hurricanes, “murder hornets”, “meth gators”, and of course cyber threats and crime. This constant flow of information around all these things has caused a general sense of fear and dread that needs to be addressed. While we could talk about each of these things at length, this article will focus on cyber threats.

Read moreLive Informed, Not in Fear of Cyber Threats

Phishing Statistics and Facts – 2020 Update

email phishing

An innocent-looking email from a friend. A fake email from a bank. A message that looks like it came from your company’s IT guy prompting a password change.

All it takes is one wrong click by an uninformed employee. Then hackers are in, accessing and even gaining control of your corporate system, creating a huge mess to clean up and compromising customer trust forever.

Phishing is a serious threat to any business. And as cybercriminals get increasingly sophisticated, there’s always a new threat, a cutting-edge scam, to look out for.

Read morePhishing Statistics and Facts – 2020 Update

Reducing Liability: Cybersecurity Training, Cyber Insurance, or Both?

cyber security awareness

If you’re not scared, you’re not paying attention. Consider these recent headlines from InformationWeek.com:

  • Average Ransomware Payments Soared in the First Quarter
  • Pandemic Could Make Schools Bigger Targets of Ransomware Attacks
  • Local, State Governments Face Cybersecurity Crisis
  • DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
  • Average Cost of a Data Breach: $116M

Read moreReducing Liability: Cybersecurity Training, Cyber Insurance, or Both?

Remote Work from Home and Virtual Employees Increase Cybersecurity Risks

cyber awareness

Implementing a Security Awareness Program

When coworkers can’t sit side by side in the office, it’s harder for them to know who they’re really dealing with. Is the person signing into your company system actually who they say they are? And with a huge email uptick due to work going 100% remote, workers can be in a hurry to excavate their inboxes and might not be sufficiently cautious.

That’s why companies must devise and implement good security awareness programs and make cybersecurity courses available to all workers. Employees should use two-factor authentication and create stronger passwords and IT professionals must monitor access controls remotely. Fortunately, this isn’t as daunting as it may sound, because Alterity offers excellent cybersecurity classes online.

Phishing

Cybercriminals are constantly honing their attack strategies. According to Accenture’s March 2019 Ninth Annual Cost of Cybercrime Study, criminals are increasingly targeting companies’ human layer with ransomware and phishing schemes. Criminals have identified humans as the weakest link in cyber defense—and now your employees are alone at home, virtually undefended.

Phishers send fraudulent emails or text messages trying to trick people into giving away their personal information. Employees probably know better than to send a bank account number to somebody in Nigeria, and hopefully, they won’t believe their grandson has been thrown in jail and needs bail money. But scammers are growing more sophisticated. They may send emails that look like they come from your company, asking employees for sensitive information about themselves or work projects. Phishers frequently trick people into parting with passwords, account numbers, and payment information, and may send fake invoices. According to the FBI’s Internet Crime Complaint Center, people have reported losses up to $57 million to phishing scams in a single year.

This is why you need to implement a security awareness program that includes regular phishing tests. When combined with a suite of online topics that focus on raising awareness and communicating the reasons for change, employees are more likely to alter the behaviors that put your company at risk. Your workers deserve to keep their personal information safe. And you must make this investment to mitigate risk to your company.

How Alterity Can Help

Alterity is here to help your employees and your company stay safe during this time of increased remote work. We deliver fully virtual courses to your employees through a 12-month cyber security training program. Each month, workers learn about a different topic through a lively mix of handouts, videos, and podcasts that are available through an intuitive, web-based learning portal. Posters and communications are also available to help you launch your program and promote adoption.

We’re excited to help your workers become more informed cyber citizens. Sample our course offerings on our On-Demand Learning Portal today!