October is National Cybersecurity Awareness Month

Protecting Your Business: Nine Tips for Cybersecurity Awareness Month

10.25.23

Cybersecurity is no longer optional for businesses. Every business, from a sole proprietorship to a multinational corporation, needs to know its vulnerabilities to cyber threats. They need to take measures to guard against those threats and make plans for how to respond should breaches occur.

With October being National Cybersecurity Awareness Month (CSAM), now is an excellent time for business owners to consider their cybersecurity needs, review existing policies and measures and make changes where appropriate. This article provides tips for improving cybersecurity protections.

Cybersecurity Tips for Business Owners

CSAM began in 2004 as a partnership between a government agency, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and a private nonprofit, the National Cybersecurity Alliance (NCA). October 2023 marks the 20th CSAM.

The following tips can help businesses secure their computer systems and train their employees on how to maintain best cybersecurity practices.

1. Know Your Vulnerabilities

Every business presents a unique set of cybersecurity risks. Hackers are adept at finding and exploiting vulnerabilities. They may gain access to a business’s computer systems by scamming an employee, hacking into “smart” devices connected to an office Wi-Fi network or other unexpected means. A thorough audit of a company’s cybersecurity vulnerabilities is essential to planning for the most likely threats.

2. Establish Cybersecurity Policies and Enforce Them

As businesses adopt measures to guard against cyberattacks, hackers and other cyber-criminals adapt to find ways around those measures. Protecting a business requires company-wide planning and implementation. Once a business knows its vulnerabilities, it can create plans and policies for preventing and responding to attacks.

Establishing policies is only the first step. Businesses must enforce those policies consistently. This might mean reviewing compliance by employees and others and imposing discipline for failing to follow procedures.

3. Limit Physical Access to Computer Systems

While many cyberattacks come through networks, direct physical access to a computer system can be especially risky. A stolen laptop, for example, can give someone direct access to a company’s digital assets. Cybercriminals might use social engineering schemes to get an employee — perhaps unwittingly — to place malware on a server. Keeping these machines physically secure and restricting access to trusted individuals can reduce the risk of these types of events.

4. Train Employees to Avoid Scams

Employees, interns, independent contractors and others with access to a business’s computer systems need to know about common scams that hackers may use to gain access. These may include the following:

    • Malware: Email attachments and other files may contain applications that can damage a computer system or allow others to access it.
    • Ransomware: This is a particularly harmful type of malware that locks down a system. A cybercriminal then demands payment in exchange for the encryption key needed to unlock the system.
    • Phishing: Bad actors may send emails or other communications purporting to be from a trusted source to get the recipient to reveal sensitive information like passwords.
    • Social engineering: In a longer game, cybercriminals use deception to gain an employee’s trust and gain access to computer systems.

5. Use Strong Login Credentials

Anyone with access to a company’s computer network should have a strong password, meaning one that is not easy to guess. They should be required to change the password regularly.

6. Require Multifactor Authentication for Everyone

In addition to strong passwords, businesses should consider additional login requirements. Multifactor authentication asks users to provide information like a code sent via email or text message, answers to security questions or a fingerprint scan.

7. Maintain Mobile Device Security

Mobile devices like smartphones and tablets often present significant security concerns. This is especially true if employees use devices for both business and personal purposes. Dedicated work devices can be more secure, but they still require measures like password protection and data encryption. Businesses should have systems in place to address lost or stolen mobile devices.

8. Keep Software Up-to-Date

Security software is one of the best safeguards against data breaches. The companies that produce these applications provide regular updates and patches that address newly discovered threats. Promptly applying software updates is therefore essential.

9. Make Frequent Backups

Daily backups of all critical data on a computer network help to guard against many common cyber threats. A ransomware attack, for example, has far less impact if a business can switch over to its backup data.

Learn More During Cybersecurity Awareness Month

Running a business often requires doing multiple jobs at once. Cybersecurity needs to be one of those jobs for every business owner. No matter the size of a business, no one is completely safe from cyber threats anymore. The above tips can help businesses prepare for many of those threats. A knowledgeable cybersecurity expert can help them prepare for specific risks that they might face. If you have any questions or would like additional information, please contact us.