Cyber Security Tips For Small Businesses And Freelancers Working From Home
According to CIRA, household users are 5x more likely to visit a malicious site while at home than at work (don’t click on that spammy-looking link!).
That’s why securing your devices when working from home is more important than ever.
Here are ten steps you can take to protect yourself, with easy-to-follow instructions (so don’t worry if you’re not a “techie”).
1. Update your password (yes, really!)
Password breaches still account for nearly 80% of all cyber security breaches. So although it may be annoying to update your password, it’s a simple effort that can pay dividends in the long run.
Passwords should include a mix of upper case, lower case, special characters and numbers. Do not incorporate any of your children’s names, pets, birth dates, or other personal information that could be gathered from your social channels.
2. Regularly clear your cache
This includes your browser history and cookies, on both your desktop and your mobile devices.
3. Don’t log into your accounts from other people’s devices
4. Be cautious of “free” wifi or public access points
5. Unlink your accounts, or minimize the number of linked accounts
6. Be protective of your email address and personal data
Everyone wants your data these days, from mailing lists to retail stores promising you special deals. But beware: nothing is ever really free.
Your email address is the first point of contact to start tracing your digital footprint - think of how many accounts your email address is attached to! Be protective of your personal data, and stop giving your email address away on a whim. Treat it like the valuable commodity that it is.
Companies often sell user data to marketing and advertising firms as well, which means you’ll get hit (most often spammed) with re-targeted ads and a jammed inbox.
Fun fact: data miners pay the most for the data from expecting mothers. The thought process is that they want to turn an expecting mom into a loyal customer, so she’ll continue purchasing from the same brand through pregnancy and into childhood, ensuring the brand makes a significant return on the small amount they may have paid for that initial email (most of the time, just a 10% off coupon!).
7. Switch your location settings off (as well as all of these other settings)
8. Don’t share your login information
This one should be obvious, but it’s a common rule that always gets broken. Whether a family member just needs to “log on quickly” or you’re working with a digital team that requires access to your accounts, there are a million reasons why we may share our login information in a pinch. However, when we do this, we open our personal accounts up to any potential vulnerabilities on that other person’s device. And chances are, they’re not taking the extra precautions like you are. Plus, sharing your login information via text or email is never a good idea. So just avoid it. It’s not worth the risk.
Instead, if someone requires access to your account, you can grant them Administrative access through your account. This way you’ll also have a clear record of their activity log if something were to ever happen.
9. Schedule a routine “digital cleaning”
Scrub away the old digital content, and throw out the trash! Trust me, it feels good to get your digital “home” organized. By scheduling a monthly or quarterly digital cleanse, you’ll be able to flag any suspicious activity, identify vulnerabilities or threats, and remain ahead of the game.
10. Set up contingency and recovery plans
Worst case scenario, your account is hacked. So how do you recover it?! Recovering hacked accounts can be a lengthy and difficult process; that’s why it’s best to be proactive about securing it. As a back-up measure, you can set 3-5 trusted contacts on Facebook, add security questions, a back-up email, and two-step authentication,
https://www.cira.ca/resources/factbook/canadas-internet-factbook-2020
October is cybersecurity month, and there’s no better time to talk about protecting yourself online.
Running a business is hard enough as it is, so we have compiled the top seven steps business owners should take to protect their company and its digital assets from cyber threats.
In this post, we aim to reduce the complexity and provide you with actionable steps you can take today to improve your cybersecurity posture and protect your investment.
Following the defense-in-depth approach to cybersecurity will help protect the business’s valuable information in the event of a successful breach.
The approach is simple: add layers of protection rather than relying on a silver bullet.
Our objective is to cover the basics and set a baseline for good security practices at the office and at home.
KNOW YOUR ASSETS
All businesses have physical and digital assets. Keeping a list of all your assets helps you identify and classify the ones that are most important to your business, and it sets the tone for the remainder of this exercise. This first step helps you see the big picture, identify sensitive information, and protect it accordingly.
PROTECT YOUR ACCOUNTS
We all have way too many passwords to remember. Rather than trying to remember your passwords, manage them. Tools like LastPass and 1Password allow you to generate unique and strong passwords, save them, and manage them. Password managers help you use a unique password for each account, which is very useful if one of your passwords is exposed. Furthermore, you could create very complicated passwords with 50+ characters that are harder to guess.
Another important method to protect your accounts is to use Multi-Factor Authentication (MFA). MFA acts as a fail-safe in case a password is compromised. The majority of service providers allow you to enable MFA or add an MFA feature to your application.
Lastly, on the passwords and accounts front, always change the default passwords for your devices. Modems, routers, printers, and IoT devices come pre-programmed with simple passwords published on the vendor website.
STAY UP TO DATE
Updates from manufacturers include security patches to remediate vulnerabilities in the programs that were missed initially. Devices such as computers, watches, and phones receive regular updates that resolve security issues. Devices without updates are major security risks and must be updated as soon as possible to keep your devices protected.
EDUCATE
Proper cybersecurity training will prepare your first line of defense, your staff, and improve your security posture tremendously. Although it is cool to think hackers use complicated methods to gain access to your system, Business Email Compromise (BEC) is the most prevalent and effective entry point for most cyber attacks. An educated team member will be able to spot a malicious email that passes through the anti-spam filter and stop it in its tracks.
BUSINESS-GRADE ANTI-MALWARE
Use business-grade anti-malware to protect your assets from compromised devices such as removable drives. Anti-malware adds another layer of security to your system by quarantining known and suspicious applications.
BUSINESS CONTINUITY AND DISASTER RECOVERY
BCDR helps you get back up and running in the event of an incident. Ransomware is the most devastating malware a business has to deal with. A proper BCDR plan takes into account the 3-2-1 principle: 3 copies of your data, on 2 different media types, with 1 copy off-site. It is also important to consider the time it will take to restore your systems, known as the Recovery Time Objective (RTO), and how much data you can afford to lose, known as the Recovery Point Objective (RPO).
BE PREPARED
It is not a matter of if, but when. A detailed incident response plan combined with training and backups could make the difference between major productivity loss or even bankruptcy and a security incident that you recover from quickly and effectively. Develop an incident response plan that includes responsibilities, contact information, and procedures.
This list includes the fundamentals of proper cybersecurity hygiene to protect individuals and businesses alike. Every business is unique; therefore, additional steps are required to address any threats that might not be covered using this checklist.
https://www.cira.ca/blog/cybersecurity/what-is-phishing?utm_source=newsletter&utm_medium=organic-email&utm_campaign=FY21&utm_content=the-dot-8