The COVID-19 pandemic forced many people to work from home. While some people worked from home as employees, others started online businesses. Cybercriminals are having a field day with unprotected new businesses. Therefore, it is important for every online business to get smart about basic cyber security.
Ensure your Web Host Offers Transport Layer Security
According to the Federal Trade Commission, it is important that your prospective web-hosting company offers Transport Layer Security (TLS). TLS would help protect your customers’ privacy, credit card numbers, and/or passwords. TLS would also ensure that it’s your website your customers reach instead of a criminal’s imitation. Obviously, having TLS could go a long way toward preventing lawsuits against your business. You’ll know your website has TLS implemented if your site’s address begins with https://.
Ensure your Web Host Offers Email Authentication Tools
If your web host provider does not offer email authentication and your company email uses your company domain name, scammers can send emails that appear to be from you. So, it’s important to know everything about Email Security Awareness.
To protect your email, you need a provider that offers the following three authentication tools: 1) Domain-based Message Authentication, Reporting and Conformance (DMARC), 2) DomainKeys Identified Mail (DKIM), and 3) Sender Policy Framework (SPF).
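As an added example (not part of the original post), the short Python audit below shows what a correct setup of these three tools looks like in DNS and flags the common weak settings. The function names, the "mail" DKIM selector and every record are constructed for illustration, using the reserved domain example.com.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record (DKIM/DMARC style) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_email_auth(domain, selector, records):
    """records maps a DNS name to its TXT strings; returns a list of findings."""
    findings = []
    # SPF lives in a TXT record at the domain itself; more than one is an error.
    spf = [r for r in records.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append("SPF: expected exactly one v=spf1 record, found %d" % len(spf))
    else:
        terms = spf[0].lower().split()[1:]
        catch_all = [t for t in terms if t.lstrip("+-~?") == "all"]
        if catch_all and catch_all[0][0] not in "-~":
            findings.append("SPF: '%s' does not fail unlisted senders" % catch_all[0])
        elif not catch_all and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF: no 'all' mechanism or redirect")
    # DKIM public key is published at <selector>._domainkey.<domain>; empty p= means revoked.
    dkim = [parse_tags(r) for r in records.get("%s._domainkey.%s" % (selector, domain), [])]
    if not any(t.get("p") for t in dkim):
        findings.append("DKIM: no public key for selector '%s'" % selector)
    # DMARC policy is published at _dmarc.<domain>; p=none only collects reports.
    dmarc = [t for t in map(parse_tags, records.get("_dmarc." + domain, []))
             if t.get("v", "").upper() == "DMARC1"]
    if len(dmarc) != 1:
        findings.append("DMARC: expected exactly one v=DMARC1 record, found %d" % len(dmarc))
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy '%s' is not enforced" % dmarc[0].get("p", ""))
    return findings

# Constructed records for the reserved domain example.com; "mail" is a made-up selector.
WEAK = {
    "example.com": ["v=spf1 include:_spf.example.net ?all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:reports@example.com"],
}
STRONG = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "mail._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:reports@example.com"],
}
if __name__ == "__main__":
    for name, recs in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_email_auth("example.com", "mail", recs) or "no findings")
```

To audit your own domain, fill the dictionary with the TXT records your DNS provider's control panel shows for the same three names.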
Protect your Files and Devices
You need to update your web browsers, operating systems, and apps. Set this up to happen automatically to ensure your software remains updated. You should back up important files offline, on an external hard drive, or in the cloud and keep paper files stored safely. Use a password for each device you use. Encrypt your devices. Encrypt your backup tapes, removable drives, and cloud storage solutions too. Use multi-factor authentication when accessing sensitive areas of your network.
Protect your Wireless Network
You’ll need to make sure that your router has WPA2 or WPA3 encryption, and you need to make sure that encryption is turned on. Doing this ensures others can’t read everything you send online. After that is accomplished, you’ll want to secure your router. To secure your router, change the default name and password. Then turn off remote management. Once you’ve done those things, log out as the administrator.
Additionally, using a free proxy server list online from a reputable provider can help protect your wireless network by adding a layer of security to your online activities.
Develop Smart Security Habits and a Plan for Breaches
Using strong passwords helps to keep wannabe intruders out. One good way to do this is to have a nonsensical string of letters with a number and symbol included. To do this, think up a sentence and then use only the first letter of each word, plus a number and symbol, as the password. Don’t repeat passwords previously used or re-use even parts of previous passwords. You should keep on top of the latest scams being used on companies and train any employees they could affect. Should you experience a breach, have a backup plan in place so you can still save data, run your business and tell customers about the breach. You may want to hop onto the FTC website and download a copy of “Data Breach Response: A Guide for Business.”
Familiarize Yourself with the NIST Cybersecurity Framework
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has established a cybersecurity framework to protect businesses from cybercriminals. The framework helps businesses understand threats, manage and reduce cyber security risks, and protect their data and networks. NIST instructs businesses on how to 1) identify, 2) protect, 3) detect, 4) respond and 5) recover.
In the identify step, list your equipment, devices, software, and data. Let employees, vendors, and/or others with access to your company’s sensitive data know what their security-related roles and responsibilities are. The protect step involves the encryption and backup of data, software updates, training, and things previously discussed. The detect step refers to the monitoring of computers for unauthorized personnel access and the monitoring of your network for unauthorized connections or users. The respond step involves the aforementioned reporting and business operational steps necessary after an attack. The recover step refers to the restoration of the attacked equipment.
The innocent, early days of internet use are long gone. Today, more people are operating an online home business than ever before, and with that comes opportunities for cybercriminals. Owners of online businesses need to protect their businesses from all types of cybercrimes aggressively.
Guest post by Michelle Quill