Cofounder and CEO of FitPeo Inc., an initiative to provide better preventive care to those who need it the most.
getty
Cyber incidents pose the greatest risk to businesses in 2023, including outages, data breaches and cyberattacks. According to research by IBM, data breaches in 2022 cost companies an average of $4.35 million. With this level of risk that can affect a business's finances, stability and reputation, it's essential to be taking steps to prevent incidents.
As a business owner of a complex organization with multiple asset profiles—including mobile devices, VDI environment, IoT devices, Google Cloud Platform and several SaaS solutions from multiple vendors—I know how important it is to protect data. Protecting personal health information and complying with HIPAA regulations has been integral to my business. In this article, I will share some simple yet effective tips on protecting your business from cybercrime.
The Threat That Cybercrime Poses
Cybercrime can take various forms, each with its own risks. Across the board, businesses suffer financially and reputationally as accounts are hacked, private details are leaked and stakeholders or customers lose trust. Here are the main types of cybercrime:
Phishing
One of the most common types of cybercrime, phishing refers to an instance where an individual within an organization is contacted via email or telephone by someone pretending to be a legitimate contact in order to trick the victim into providing sensitive data details. This can include identity theft attempts as well as instances of obtaining payment or password details. As a result, the perpetrator is able to gain access to private information and accounts to commit fraud—typically leading to severe financial consequences.
Malware
Cisco defines malware as any harmful software developed by hackers that is used to steal data or destroy technological systems. Hackers can use these software developments to make computers unusable, steal confidential data and intellectual property, and sabotage a business's well-being. Some common types of malware noted by Cisco include:
• Ransomware. This is when the malware accesses private data, encrypts it and then requires the user to pay a significant financial sum to regain access. Often, it can be triggered by a user clicking a phishing link, which gives the hacker access to the computer.
• Viruses. This type of malware is typically attached to a document so that when the document is downloaded, the virus spreads through the computer and the system cannot be used.
• Spyware. This software runs secretly on a computer and feeds information back to the hacker. Instead of locking up the system, it leaks confidential data and can be used to steal financial and personal details.
Steps To Take
1. Install Antivirus Software
Businesses should install antivirus scanners across all system devices in order to prevent malicious software from being brought into the organization.
Our defense is a depth strategy coupled with a resilient operational process that helps us achieve the confidentiality, integrity and availability required for business. The defense practice includes firewalls for our network and applications, a virtual private network (VPN) for our internal resources, identity and access management with multifactor authentication, antivirus software to protect against any malicious behavior, sensors to collect logs from all assets, and certificate management to encrypt data at rest and in motion.
All of the above IT and security implementation and operational efforts follow continuously updated management-approved policies and standards.
2. Back Up Data
Backing up your company's data is essential to prevent the massive damage of a cyberattack. You can mitigate against stolen, lost or corrupted data by having a backup. The key to a successful backup method is to keep the backed-up data in a different location; otherwise, you risk losing both versions. We are consuming Google database as a service to store and back up our data to prevent cyberattacks.
Having a backup strategy is essential for any business to ensure data safety and continuity of operations. At our organization, we have implemented a backup strategy that uses Google Cloud SQL backup functionality. We take backups at the start of business operations every day to ensure we capture any changes or updates that might have occurred since the last backup. This daily backup schedule ensures we have the latest version of our data at all times.
Furthermore, we also ensure that we maintain the last seven days' backups to enable us to recover data in case of any unforeseen circumstances. Having multiple backups helps us minimize the risks associated with data loss, and it also gives us the flexibility to recover data from a previous point in time.
3. Secure Networks And Data
As our digital devices become more connected and networks become more complex, cybercriminals have increased access to cause harm. One tool you can use to improve your network's security is a VPN.
All of our registered nurses and nursing assistants are provided with VPN-preconfigured Chromebooks and security settings managed through Google Workspace. These tools encrypt the network to ensure privacy and hide IP addresses, making activity untraceable. By blocking activity and data, hackers cannot access personal information.
Similarly, using a firewall will also help by acting as an intermediary for online activity to protect a company's data. After doing research, we found that this was the best way to protect our organization.
4. Team Training
As the everyday users of your systems, your team is the front line regarding cybersecurity and mitigating threats. Conduct training sessions to teach every user about best practices, show them what to look out for, and ensure that all of your protective software and authentication steps are enabled and activated on every device used within the company. We have used simulated phishing attacks to test our employees on their awareness of potential threats. Educate your team about creating strong passwords on all of their business accounts.
Conclusion
Cybercrime is one of the most significant threats faced by businesses today. However, by following diligent steps, business owners can mitigate risks significantly to protect their data and reputation. Avoid falling into one of the common traps of letting your cybersecurity slide, as the risks of a security breach cannot be overstated.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
