At a time when businesses are investing heavily in digitalisation and home office solutions are becoming the norm, it is essential to shed some light on corporate cybersecurity.
Common causes of security breaches
The ability to work from home brings a lot of wonderful benefits and solutions, but it also makes it easier for hackers to target individuals. If your staff has not been familiarised with basic safety measures in advance, the risk of accidentally clicking on the wrong link or being careless while working in public locations increases.
Digitalisation is crucial for sales and business growth. 70% of companies surveyed in the latest Azets SME-report consider cybersecurity protection to be the most important technological innovation for their business. Digitalisation is essential to improve business efficiency and stay ahead of the competition, but it can also lead to new challenges as phishing criminals are getting more and more creative in their attempts to come up with relevant topics that will make people click on their malicious links.
Cyber attacks are constantly evolving, but there are some basic rules of thumb that can minimize the risk of successful attacks:
- Training in and improving the technological understanding of all staff
- Two-factor authentication for all key business tools
- Longer passwords
- Sound social media habits
Recognize the warning signs
The most important thing you can do is to make sure your staff knows the warning signs. In suspicious emails, they should check for unknown addresses, strange spelling mistakes and subjects that try to lure the recipient into clicking on hyperlinks.
The basic rule is: never click on anything unless you know for sure that you can trust the site it comes from.
Some warning signals are very subtle, and it is becoming increasingly important to have a routine of updating yourself and your staff on what to look out for. Staff awareness of the problem is the first line of defense.
There are plenty of online courses with comprehensive instructions on how to best protect your business. Onboarding of new staff should include a course on cybersecurity, and it should be one that explains the topic in a simple and effective way.
Recognising phishing attempts and threats requires some technical experience. Being able to tell the difference between a trustworthy email and a suspicious email is difficult. Start by looking at the sender email address to see if it includes typos or looks suspicious, and question the message.
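The sender-address check described above can also be automated. The following is an added example, not part of the original article: it flags sender domains that are a typo or two away from a domain you trust, and display names that show a trusted domain while the real address is elsewhere. The trusted domains, the threshold and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains this organisation really exchanges mail with (constructed, reserved TLD).
TRUSTED_DOMAINS = {"northwind.example", "bank.example"}
MAX_TYPO_DISTANCE = 2  # assumption: up to two edits counts as a likely imitation


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return 'trusted', 'lookalike', 'name-mismatch', 'unknown' or 'unparseable'."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if "@" not in address or not domain:
        return "unparseable"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # A domain a typo or two away from a trusted one is the classic misspelled sender.
    if any(edit_distance(domain, t) <= MAX_TYPO_DISTANCE for t in TRUSTED_DOMAINS):
        return "lookalike"
    # The display name shows a trusted domain but the real address is elsewhere.
    if any(t in display.lower() for t in TRUSTED_DOMAINS):
        return "name-mismatch"
    return "unknown"


# Constructed sample From headers, not taken from real mail.
SAMPLES = [
    "Payroll <salary@northwind.example>",
    "Payroll <salary@northwlnd.example>",
    "IT Support <it@northvvind.example>",
    '"northwind.example payroll" <billing@mailer.example>',
    "Newsletter <news@shop.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):14} {header}")
```

A "trusted" result only means the visible domain matches the list. The From header itself can be forged, which is what SPF, DKIM and DMARC checks on the mail server address.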
Two-factor authentication
Millions of user account details and passwords are stolen every year in security breaches of online services, and the owners of the stolen accounts may not even be notified of the breach until long after it has happened.
Multi-factor authentication exists to protect your accounts and passwords. In short, it adds an extra layer of security when you verify or log in to an account online: an extra security element in addition to username and password. The most common methods are receiving a text with a code, using a code-generating app on your mobile device or computer, or having a physical USB device to plug into your computer when logging in.
Stolen login credentials have become such a big problem that multi-factor authentication should no longer be considered optional; it has become mandatory to ensure that your interests online remain safe. We recommend enabling multi-factor authentication on all services that support it.
You can use this online service to check if your email address has been part of a known breach (https://haveibeenpwned.com/). If you suspect that your data has been misused, you should immediately change your password and enable multi-factor authentication if supported.
Passwords
Do you tend to use the same passwords for almost every online account?
You are certainly not alone. Most people fall into the trap of reusing the same passwords, which unfortunately carries a certain risk. It is not always necessary to attack a system from the outside to gain access to passwords. Sometimes all you need is a good guess. After all, most of us have more than one account online and the amount of information you always need to remember can be overwhelming. So we tend to reuse passwords that are easy to remember but also easy to guess.
If a hacker can find enough information about you online, they can guess simple passwords and apply them to your accounts. If you reuse the passwords, you give the cybercriminal easy access to all your information.
But there is one rule of thumb to remember regarding passwords: a long password is much better than a complex one.
Instead of using letters, numbers and special characters, you can use the first lines of a poem you wrote yourself as your password. If it rhymes, it's easier to remember, and if you have written it yourself, it is hard for a computer to guess. Alternatively, you can use the lyrics from a song or a phrase that means something special to you. If it is something only you could come up with, even better.
For example: The password “There is nothing like a blue horse” is a million times more secure than the password “adl1343#!yXC”.
Many services still require us to use complexity, which means that it may still be necessary to keep a written copy of our passwords. But make sure you keep it in a safe place. So-called password reminders are also a good option.
Social media
Social media makes it easy for an attacker to collect information if you are not careful. It is important to remember that all the personal information you share, such as your date of birth, your name, your address and your friends list, will be collected by someone and used against you, even if only to tailor ads.
By limiting the amount of information about yourself online, you can prevent fraudsters from getting a clear picture of who you are. If they do not have a clear picture, they cannot customise their attacks against you enough to trick you. They will also not be able to impersonate you online.
You can also make your social media accounts private so that only friends can see your profile and interact with you. It is highly recommended to make sure you know the person sending you a friend request before accepting it.
If you want to know what information is available about yourself online, a simple search of your name in a search engine will give you the answer. Such a search may even remind you of old accounts that are just hanging around and not being used, and by deleting them you will remove another method of finding your information online.
Optimise your online and social media presence with these simple tips:
- Only accept friend requests from people you know.
- Read the privacy policies of the websites you create accounts on.
- Do not provide personally identifiable information (e.g. geographical location when posting pictures, phone number, address or photos of passports, credit cards or pay slips).
- Limit the amount of information about yourself that can give fraudsters a clear picture of who you are so they cannot impersonate you or target you.
- Try googling yourself and see what information you find.
With two-factor authentication, mandatory cybersecurity training, long passwords and sound social media habits, your business should be well prepared against cyber attacks.