1. Enforce Two-Factor Authentication (2FA)
Enforce 2FA on all your accounts related to your business as a company policy, especially those for banking and other sensitive transactions. This significantly increases the level of difficulty for attackers looking to compromise an account, even if they have somehow stolen the password to the account.
Enable the protections afforded by certain sites or tools that your business uses. Many platforms and applications can provide a token, remember devices, and prompt users to change passwords after a certain amount of time.
You can also encourage employees to use 2FA on their personal accounts that aren’t related to the business as an individual precaution.
2. Enforce the Use of Strong, Unique Passwords
For company and business-related logins, enforce a policy requiring your employees to use strong, unique passwords. The unique part is especially important. Why? If your password is stolen and dumped, but you haven’t used that password anywhere else, you don’t have to be concerned about your other accounts being hacked.
It’s also a good idea to use a password manager. Some examples are 1Password, LastPass, and Dashlane. These applications help create unique and strong passwords that the system saves, so you don’t have to remember each one.
Based on the above, do you feel confident that the passwords you currently have in place are strong enough? If not, change them right away. It’s a great first step toward protecting your accounts.
3. Be Aware of Scams in Emails
Phishing and social engineering are a couple of ways that attackers can target you or your employees through email. A common ruse is a message claiming you have an undeliverable UPS or FedEx package, sent to get you to give up your information. Also, watch out for spoofed emails pretending to be from someone at your company or others you know.
Hover your cursor over hyperlinks included in emails you receive to view the actual URL. Ensure the URL is actually related to or associated with the company whose website you are trying to visit. Refrain from supplying log-in credentials or personally identifying information in response to any email.
4. Educate Your Team
The importance of providing security awareness education for all your employees cannot be overstated. Make your team aware of all the above information, especially around phishing in emails. Scrutinizing an email before clicking any links or attachments is an important precaution everyone can take.
5. Apply Security Patches, Update Software and Sunset End-of-Life Technologies
Security flaws in applications, systems, and devices can be exploited by hackers. Applying security patches ensures you’re keeping up with the security updates released to address discovered flaws. If this is totally outside of your comfort zone, don’t worry. There are many IT consultants and support services that you can hire for help.
End-of-life technologies typically do not get updated, and as such, use of these technologies should be discontinued. If you aren’t sure whether a certain technology is end-of-life, checking the websites for each product is a good place to start.
This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on for, legal or tax advice. If you have any legal or tax questions regarding this content or related issues, then you should consult with your professional legal or tax advisor.