If you’ve been in business for any amount of time, you probably don’t need anyone to tell you about the importance of cybersecurity. However, unlike the lock to a physical door, which generally lasts a good long time, measures you take to protect your company from hackers and malware need to be updated and reinforced much more regularly.
Two common categories
Most of today’s business cyberattacks fall into two main categories: ransomware and social engineering.
In a ransomware attack, hackers infiltrate a company’s computer network, encrypt or freeze critical data, and hold that data hostage until their ransom demands are met. It’s become a highly common form of cybercrime. Just one example, which occurred in October 2022, involved a major health care system that had recently executed a major M&A deal.
On the other hand, social engineering attacks use manipulation and pressure to trick employees into granting cybercriminals access to internal systems or bank accounts. The two most common forms of social engineering are phishing and business email compromise (BEC).
In a typical phishing scam, cyberthieves send fake, but often real-looking, emails to employees to entice them into downloading attachments that contain malware. Or they try to get employees to click on links that automatically download the malware.
In either case, once installed on an employee’s computer, the malware can give hackers remote access to a company’s computer network — including customer data and bank accounts. (Also beware of “smishing,” which is when fraudsters use text messages for the same purpose.)
BEC attacks are similar. Here, cyberthieves send fake emails mainly to accounting employees saying the company’s bank accounts have been frozen because of fraud. The emails instruct employees to reply with account usernames and passwords to supposedly resolve the problem. With this information, thieves can wreak financial havoc — including initiating unauthorized wire transfers — which can be difficult, if not impossible, to reverse.
Here are a few things you can do to guard against cyberattacks:
Continually train employees. Conduct mandatory training sessions at regular intervals to ensure your employees are familiar with your cybersecurity policies and can recognize the many possible forms of a cyberattack.
Maintain IT infrastructure. Instruct and remind employees to download software updates when they’re available. Enforce a strict policy of regular password changes. If two-factor authentication is feasible, set it up. This is particularly important with remote employees.
Encrypt and back up data. All company data should be encrypted and regularly backed up on a separate off-site server. In the event of a ransomware attack, you’ll still be able to access that data without paying the ransom.
Restrict access to your Wi-Fi network. First and foremost, it should be password-protected. Also, move your router to a secure location and install multiple firewalls. If you offer free Wi-Fi to customers, use a separate network for that purpose.
Consider insurance coverage. Insurers now sell policies that will help pay costs associated with data breaches while also covering some legal fees associated with cyberattacks. However, you’ll need to shop carefully, set a reasonable budget and read the fine print.
Defend your data
None of the measures mentioned above are one-time activities. On a regular basis, businesses need to determine what new training employees need and whether there are better ways to secure IT infrastructure and sensitive data. Let us help you assess, measure and track the costs associated with preserving your company’s cybersecurity.
We highly recommend you confer with your Miller Kaplan advisor to understand your specific situation and how this may impact you.