Secure your business like you secure your home: 5 steps to protect against cybercrime

Running a business requires a lot of determination and sometimes a leap of faith. Every day brings a new challenge, and many times it can feel like the stress and uncertainty are too much. That’s when you remind yourself why you took the leap—the satisfaction of realizing your own vision—and you keep going.

With that kind of commitment, your business can almost feel like a second home. And just like you protect your physical home with an up-to-date security system and sturdy locks, it’s critical to modernize cybersecurity for your business.

Forty-three percent of all cyberattacks now target small businesses, and sadly, 60 percent of those businesses will permanently close their doors within six months of the attack.

Here are five simple actions that can help any business protect against cyberattacks—starting today.

1. Monitor everything around the clock with Microsoft Cloud capabilities

If everybody’s just trying to run their software on their own hardware in their own four walls, it means you have to do everything to maintain that hardware. Whereas if you move to the cloud, that becomes our problem. Moving to cloud-based security gives your business an edge in terms of making protection one less thing to worry about.

Microsoft 365 Business Premium delivers enterprise-grade protection against viruses, spam, unsafe attachments, suspicious links, and phishing attacks. You’ll also get constant protection against ransomware and malware attacks across your devices, along with antivirus and endpoint detection and response capabilities built in. That way, you can focus on making your business a success rather than chasing down cyberthreats.

2. Update the locks with Defender for Business

Break-ins in the neighborhood often give us the push we need to replace any worn-out locks or add a security light (or two). Similarly, protecting your business from cyberattacks starts with one simple step—updating your existing systems.

Microsoft and other technology companies release updates on Patch Tuesday (the second Tuesday of each month, beginning at 10:00 AM PT), or whenever vulnerabilities are detected. These updates are available free of charge, but make sure your computers are configured so that the updates are actually downloaded. That’s one of the most important things that people can do to protect themselves.

Also, make sure your business maintains an up-to-date IT inventory. With the move to remote and hybrid work, the phenomenon of bring-your-own-device (also referred to as “BYOD”) is now common. Using more devices, especially from home networks, creates a larger attack surface with more endpoints and potential vulnerabilities. As part of Microsoft 365 Business Premium, Defender for Business has threat and vulnerability management built-in, allowing you to secure multiple devices with a single tool.

Businesses can further protect themselves with regular data backups. Ransomware attacks increased by 300 percent in 2021. But ransomware attacks against your business data can be thwarted by regularly creating backup copies of your important files. Automating your backups according to a set schedule can help your business maximize limited resources while avoiding potential human errors.

3. Hide your keys well with multifactor authentication

Most of us keep a spare house key hidden under a rock or potted plant, but everyone knows better than to put the key under the mat. It’s the same way with passwords: if it’s easy, someone will find it.

In every cybercriminal’s toolkit today is a kind of brute force attack known as password spray. Simply put, an attacker acquires a list of accounts and runs through a long list of common passwords attempting to get a match. Since most businesses have a naming standard for employees (for example, firstname.lastname@company.com), adversaries can often get halfway in your door just by using the information found on your website.
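The pattern described above (one source, many accounts, only a few guesses per account) is also what makes password spray detectable in sign-in logs. The following is an added example, not code from the original article or from any Microsoft product: the log format, thresholds, and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp, source IP, account, result.
# The log format and every value here are made up for this example.
SAMPLE_LOG = """\
2024-05-01T09:00:05 203.0.113.7 anna.lee@example.com FAIL
2024-05-01T09:00:41 203.0.113.7 ben.cho@example.com FAIL
2024-05-01T09:01:12 203.0.113.7 cara.diaz@example.com FAIL
2024-05-01T09:01:50 203.0.113.7 dev.patel@example.com FAIL
2024-05-01T09:02:31 203.0.113.7 eva.novak@example.com SUCCESS
2024-05-01T09:03:00 198.51.100.20 anna.lee@example.com FAIL
2024-05-01T09:03:20 198.51.100.20 anna.lee@example.com FAIL
2024-05-01T09:03:45 198.51.100.20 anna.lee@example.com SUCCESS
"""

def parse_events(log_text):
    """Yield (timestamp, ip, account, result) tuples from the sample format."""
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, account, result = line.split()
            yield datetime.fromisoformat(ts), ip, account.lower(), result

def detect_spray(log_text, window=timedelta(minutes=10),
                 min_accounts=4, max_tries_per_account=2):
    """Flag sources failing against many accounts with few tries on each."""
    by_ip = defaultdict(list)
    for ts, ip, account, result in parse_events(log_text):
        by_ip[ip].append((ts, account, result))
    findings = []
    for ip, events in by_ip.items():
        events.sort()
        fails = [(ts, acct) for ts, acct, res in events if res == "FAIL"]
        for i, (start, _) in enumerate(fails):
            tries = defaultdict(int)
            for ts, acct in fails[i:]:
                if ts - start <= window:
                    tries[acct] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries_per_account:
                # A success from the same source in the window deserves review.
                hits = sorted({a for ts, a, r in events if r == "SUCCESS"
                               and start <= ts <= start + window})
                findings.append({"ip": ip, "accounts_tried": len(tries),
                                 "succeeded": hits})
                break
    return findings

if __name__ == "__main__":
    for finding in detect_spray(SAMPLE_LOG):
        print(finding)
```

The second source in the sample, one employee mistyping a password twice before signing in, is deliberately not flagged: it touches a single account, which is the distinction between a spray and an ordinary typo.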

Popular internet browsers such as Microsoft Edge come with a built-in password generator that will create—and remember—a secure password for you. Or your business may choose to eliminate passwords entirely with a solution like Windows Hello or FIDO2 security keys that let users sign in using biometrics or a physical key or device. Short of going passwordless, multifactor authentication, also known as two-factor authentication, is your best bet to generate secure access for your business. Multifactor authentication requires users to verify their identity through an additional factor, such as a one-time password (OTP) sent over email or text message. Other verification factors include answering personal security questions or using face or voice recognition.

4. Don’t open the door to just anyone: defend against phishing

There’s a reason for the popularity of video doorbells—it’s simply unwise to open the front door without knowing who’s on the other side. For the same reason, every business should stay up-to-date on the latest phishing scams and social engineering scams that bad actors use to seek entry into your business. In 2022, the most common causes of cyberattacks are still malware (22 percent) and phishing (20 percent). Threat actors have figured out that people are the weak link—85 percent of breaches now involve a human element—and are ramping up the frequency and sophistication of their attacks. However, most phishing emails still rely on recognizable “hooks” that we can all learn to spot, such as:

  • Request for user credentials or payment information. Never click the link. Instead, type the business’ URL into your browser and go to your account directly.
  • An unfamiliar tone or greeting. Phishing emails are often created offshore, so look for irregular syntax or tone that’s too formal, too familiar, or an odd mix of both.
  • Grammar and spelling errors. Legitimate businesses take time to proofread their emails before sending them.
  • Inconsistent email address or a “lookalike” domain name. A phishing email address or domain will usually be slightly off (for example, microsotf.com instead of microsoft.com).
  • Threats or a sense of urgency. Scammers often try to scare you into clicking the link with headlines like: “Update your account information now or lose access!” If in doubt, type the URL in your browser and go to the site directly.
  • Unrequested attachments. If you weren’t expecting an email from this sender, don’t click the attachment. Instead, open a new email (don’t respond) and inquire if the email and attachment are genuine.

When you receive a phishing email (we all do), remember to report it. In Microsoft Outlook for business, just select the suspicious message and choose Report from the top ribbon, then select Phishing. This will remove the message from your inbox and help us block more suspicious emails. Both Defender for Business and Microsoft Defender for Office 365 Plan 1 provide protection against advanced phishing, malware, spam, and business email compromise. Both come with built-in policies to get you up and running quickly, including simplified wizard-based onboarding for your Windows devices, servers, and apps.

5. Stay informed about how to prevent break-ins with security trainings

Local police and neighborhood watch groups often work together to educate residents about break-ins and how they can better protect their homes. No matter the size of your business, there are cybersecurity resources available to you as well. Even if your only employee is yourself, cybersecurity training shouldn’t be looked upon as a one-and-done task. Threat actors are constantly learning and updating their skills, and so should we.

Security trainings help businesses arm themselves with the knowledge to prevent phishing attacks, safeguard remote devices, and protect against identity theft. Our security trainings also present strategies for how to stay safe when working on-site and from home, including how to collaborate with colleagues more securely.

Contact us today to secure your business.