If you own a small or medium-sized business, and especially if you now face the increased threat that comes with having remote workers, you should be thinking and strategizing about your company’s cybersecurity awareness plan.
Most Medicare or health-insurance agents are sole proprietors. In the 2018 Data Breach Investigations Report, Verizon found that 58% of all cyberattacks target small businesses. Moreover, according to the U.S. National Cyber Security Alliance, 60% of small companies are unable to sustain their business for more than six months following a cyberattack. We see this trend because, according to the Ponemon Institute, the average cost for small businesses to clean up after being hacked is about $690,000 and, for middle-market companies, it is over $1 million. Can you sustain that cost?
Since October is National Cybersecurity Awareness Month, Hovis & Associates would like to share some strategies to arm you against the real threats in our virtual environments.
- Encrypt your devices! If you are accessing, downloading, or sharing materials and/or completing online applications on your device (computer, phone, or tablet), encrypt it. If you do happen to be hacked, your information will be unreadable!
- Enable two-factor or multi-factor authentication for your device AND each online account where it is available. You can use programs like Passly to add a layer of security to your devices to serve as a multi-factor program for your initial computer/device login. This is the easiest way to protect your accounts and devices from getting hacked.
- Review and change all your passwords every 90-180 days. Create complex, strong, unique passwords or passphrases for different sites and systems, each at least 12 characters in length and including upper- and lower-case letters, numbers, AND symbols. A strong 12-character password takes 200 years to hack, versus an 8-character password, which only takes 19 minutes! If you have initiated two-factor, you can wait up to six months before changing those passwords again; otherwise, the rule of thumb is every 90 days.
- Institute phishing simulations and trainings for yourself and the entire office to detect risky emails and attachments by utilizing Google’s Phishing Quiz. If you want a program that keeps track of your accomplishments and trainings and has a reporting mechanism, try PHIshMD. According to Herjavec Group, 90% of cyberattacks are initiated by a phishing scam…that is scary stuff! So, make sure you think before you click.
- Set up your computer or device to automatically lock after 5 minutes of no use. It is also super important to secure sensitive files and lock your computer screens when you need to walk away.
- Watch out for the pop-ups! Make sure to deactivate pop-ups and only allow pop-ups from trusted sources to open. It is risky to interact with unexpected pop-up windows and ads because they can install malware and viruses.
- If you work for a small to medium-sized business and you are working remotely, make sure you are connecting to the network via a Virtual Private Network (VPN).
- Be sure to maintain separation by not allowing children, family, or friends to use business devices for personal activities.
- Change your router’s administrator password. This is crucial because everyone from amateur hackers to seasoned cybercriminals can find that password online or on the dark web and use it to get into your network. It is also vital to update your router’s firmware on a regular basis or whenever an update is released.
If you would like a more thorough explanation of how to be cybersmart, Hovis & Associates is here to help. We Make the Complicated SIMPLE! Call 888-613-6196 and ask for Heather Hovis!