In 2020, the FBI reported 1.4 million cybercrime complaints, mostly identity theft, up from 651,000 in 2019. The Federal Trade Commission received 4.8 million cybercrime complaints in 2020, up from 3.3 million in 2019. According to the Internet Crime Report, the cost to victims was $6.9 billion in 2021.
The time period reported in these statistics correlates to the shift to remote work due to the COVID-19 pandemic, which should serve as a warning to businesses and individuals who have not taken steps to protect their sensitive information from hacking, phishing, or malware. Remote work is not going away though, so business owners need to think about ways to protect the information they store online and in the cloud.
While cost is a factor for many small businesses, there are some simple, low-cost solutions that can provide protection.
1. Train employees
Implement a training program for employees that teaches them what to look for and gives them a reporting mechanism for possible breaches. For example, scammers know how to make their emails look real. Make it a company policy to check the URLs of emails before opening attachments or clicking on links.
2. Create a virtual private network
Establishing a VPN is a good way to protect information, especially when people work remotely. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated circuits or with tunneling protocols over existing networks. In other words, VPNs allow users to send and receive data as if their computing devices were connected to a private network.
Keep in mind that while VPNs protect IP addresses and encrypt internet history, they do not act the same way as antivirus or antimalware software does. In addition, be aware that not all VPNs use the proper security standards or promptly fix issues.
3. Install strong passwords
Having a strong password policy is key. Using two- or multifactor authentication is an important safety feature because it requires users to identify themselves. For example, with two-factor authentication, the user will need to know the verified user name and password as well as a personal identification code.
Another way to protect passwords is through the use of a password manager. Password managers either store passwords in an encrypted database or generate passwords on demand. Such programs may also have other functions, such as autofilling forms or storing credit card information.
There are three types of password managers:
- Desktop password managers store passwords locally on the user's device.
- Cloud-based password managers store encrypted passwords on the service provider's network.
- Single sign-on password managers allow users to use one password for every application.
4. Keep software current
Be sure all software is automatically updated so the latest safety patches are installed.
5. Use role-based access control
Restrict access to sensitive information by restricting employees to a need-to-know basis. Such systems allow employees access only to the information they need to do their jobs.
6. Establish backup and recovery protocols
Install automated remote backup and data recovery to allow a copy of critical data to be stored in a secure offsite location.
Businesses need to put cybersecurity practices at the top of their to-do lists, especially in the current volatile economy. Some of the measures listed here do have associated costs, but those costs need to be weighed against the tangible and intangible costs of a breach. R&A has the knowledge and experience to assist if you are concerned about cybersecurity at your business.