It’s been nearly two years since many businesses transitioned to remote work due to the COVID-19 pandemic. Some have ended their leases and made the shift permanent, while others are offering hybrid options to employees. Whatever your company stance is on remote work, one fact is clear: business owners can’t afford to ignore the ever-increasing threat of cyberattacks.
As OnPoint Community Credit Union’s Chief Information Officer, I’m acutely aware of the vulnerabilities facing businesses due to an increased reliance on digital tools. A recent survey by Tenable found 80% of security and business leaders say remote work increases risk to the organization. In addition, about three in 10 organizations have seen a measurable spike in cyberattacks during the pandemic, according to CIRA. While cloud-based applications have done wonders for streamlining operations, they also open up new avenues for attacks, with cybercriminals delivering 61% of malware and 36% of phishing campaigns via the cloud, according to Netskope. However, all is not lost, and there are solutions to protecting your business.
Cybersecurity is essential to financial security. That’s why we work diligently to keep our business safe, while also educating consumers and businesses on how to protect themselves from fraud. One of the most crucial steps to protecting your business is ensuring your employees are well-trained in cybersecurity best practices and follow them carefully. Cybercriminals often target small businesses, many of which have limited IT resources, resulting in an average loss of $188,000 annually. The statistics are alarming, but there are actions you can take to protect your business, including:
- Choosing your IT vendors carefully. Small-business owners should always ask for references and check online reviews when selecting an IT vendor. A trustworthy IT partner can audit the business’s current technology and make recommendations to reduce the risk of a costly data breach. Look for current certifications that demonstrate a vendor’s expertise in cybersecurity program design, implementation and management, like the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM).
- Making cybersecurity training part of the employee onboarding process. Establish appropriate internet use guidelines and explain the penalties for violating those rules. Train employees on best practices for handling and storing customer data. Teach them how to spot phishing attempts, which are often legitimate-looking emails that trick employees into clicking on a link or submitting passwords or other personal information.
- Maintaining up-to-date antivirus software. As security software becomes more sophisticated, so do the malicious exploits used to thwart them. Failure to update antivirus protection and security software can open companies up to serious threats, such as ransomware. Regular updates should be implemented to formalize the process.
- Ensuring network security for remote workers. Employees should change their default network name to make it difficult to determine the type of router they’re using. Set a strong password that includes uppercase and lowercase letters, numbers and symbols to make passwords more difficult to crack. Set your router’s security protocol to WPA2, and don’t rely on your router to update automatically.
October was National Cybersecurity Awareness Month, and I invite you to take this opportunity to read up on the proactive measures you can take to strengthen your business’s cybersecurity in the newest edition of The OnPoint Guide to Personal Cybersecurity, a free resource full of detailed, actionable guidance to help keep you safe from scammers.
Jim Armstrong is Chief Information Officer with OnPoint Community Credit Union.