Vill du läsa artikeln på svenska? Klicka här
A third of Swedish companies report having experienced at least one cybersecurity incident in the past year. This is revealed in the latest Azets Barometer, providing business insights from small and medium-sized companies in the Nordics, the UK, and Ireland. Here are some tips on how to improve your cybersecurity.
Azets' recurring survey, Azets Barometer, shows that it is primarily companies with 50 - 249 employees who report having experienced incidents. However, nearly one-fifth of companies, primarily small businesses, state that they do not know or do not want to disclose whether they have been subject to any incidents. This may indicate that larger companies have a higher awareness of cybersecurity and are more likely to report incidents.
Click here to see the full results from Azets Barometer in an interactive dashboard.
Swedish companies also reveal that they will invest in digitization and cybersecurity in the coming year, indicating a focus on technological improvements.
Digital solutions are crucial for the operation to function for efficient internal collaborations and to offer a smooth customer experience. However, it poses a risk of hacker attacks. We see this both in the results from Azets Barometer and especially in the IT attack earlier this year, where 120 authorities and tens of thousands of employees were affected.
Recognize the warning signs.
The most important thing you can do is to make sure your staff knows the warning signs. In suspicious emails, they should check for unknown addresses, strange spelling mistakes and subjects that try to lure the recipient into clicking on hyperlinks.
The basic rule is never click on anything unless you know for sure that you can trust the site it comes from.
Some warning signals are very subtle, and it is becoming increasingly important to have a routine of updating yourself and your staff on what to look out for. Staff awareness of the problem is the first line of defense.
There are plenty of online courses with comprehensive instructions on how to best protect your business. Onboarding of new staff should include a course on cybersecurity, and it should be one that explains the topic in a simple and effective way.
Recognising phishing attempts and threats requires some technical experience. Being able to tell the difference between a trustworthy email and a suspicious email is difficult. Start by looking at the sender email address to see if it includes typos or looks suspicious, and question the message.
Two-factor authentication
Millions of user account details and passwords are stolen every year in security breaches of online services, and the owners of the stolen accounts may not even be notified of the breach until long after it has happened.
To protect your accounts and passwords, there is multi-factor authentication. In short, it means that you add an extra layer of security to verifying or logging in to an account online with an extra security element in addition to username and password. The most usual methods are receiving a text with a code, using a code-generating app on your mobile device or computer, or even having a physical USB device to plug into your computer when logging in.
Stolen login credentials have become such a big problem nowadays that multi-factor authentication is no longer something that should be considered an option; no, it has become mandatory to ensure that your interests online remain safe. We recommend enabling multi-factor authentication on all services that support it.
You can use this online service to check if your email address has been part of a known breach (https://haveibeenpwned.com/). If you suspect that your data has been misused, you should immediately change your password and enable multi-factor authentication if supported.
Passwords
Do you tend to use the same passwords for almost every online account?
You are certainly not alone. Most people fall into the trap of reusing the same passwords, which unfortunately carries a certain risk. It is not always necessary to attack a system from the outside to gain access to passwords. Sometimes all you need is a good guess. After all, most of us have more than one account online and the amount of information you always need to remember can be overwhelming. So we tend to reuse passwords that are easy to remember but also easy to guess.
If a hacker can find enough information about you online, they can guess simple passwords and apply them to your accounts. If you reuse the passwords, you give the cybercriminal easy access to all your information.
But there is one rule of thumb to remember regarding passwords: a long password is much better than a complex one.
Instead of using letters, numbers and special characters, you can use the first lines of a poem you wrote yourself as your password. If it rhymes, it's easier to remember, and if you have written it yourself, it is hard for a computer to guess. Alternatively, you can use the lyrics from a song or a phrase that means something special to you. If it is something only you could come up with, even better.
For example: The password “There is nothing like a blue horse” is a million times more secure than the password “adl1343#!yXC”.
Many services still require us to use complexity, which means that it may still be necessary to keep a written copy of our passwords. But make sure you keep it in a safe place. So-called password reminders are also a good option.
Social media
Social media makes it easy for an attacker to collect information if you are not careful. It is important to remember that all the personal information you share, such as your date of birth, your name, your address and your friends list, will be collected by someone and used against you, even if only to tailor ads.
By limiting the amount of information about yourself online, you can prevent fraudsters from getting a clear picture of who you are. If they do not have a clear picture, they cannot customise their attacks against you enough to trick you. They will also not be able to impersonate you online.
You can also make your social media accounts private so that only friends can see your profile and interact with you. It is highly recommended to make sure you know the person sending you a friend request before accepting it.
If you want to know what information is available about yourself online, a simple search of your name in a search engine will give you the answer. Such a search may even remind you of old accounts that are just hanging around and not being used, and by deleting them you will remove another method of finding your information online.
Optimise your online and social media presence with these simple tips:
- Only accept friend requests from people you know.
- Read the privacy policies of the websites you create accounts on.
- Do not provide personally identifiable information (e.g. geographical location when posting pictures, phone number, address or photos of passports, credit cards or pay slips).
- Limit the amount of information about yourself that can give fraudsters a clear picture of who you are so they cannot impersonate you or target you.
- Try googling yourself and see what information you find
With two-factor authentication, mandatory cybersecurity training, long passwords and sound social media habits, your business should be well prepared against cyber attacks.
Subscribe to our newsletter
Stay updated on everything in accounting, payroll and HR and gain unique insights and advice from our articles. Fill in the form below to subscribe to Azets newsletter.
