Since 2004, October has been designated as Cybersecurity Awareness Month 2024, so happy Cybersecurity Awareness Month! Come celebrate and more importantly reflect on what it means to be cybersecure. Being cybersecure means taking proactive steps to protect business data, devices, and identity. There is no one right way to secure your business, but there is certainly a wrong way. The wrong way being, doing nothing, thinking small businesses aren’t targets, purposely ignoring cyber protections, just to name a few. Cybersecurity is not a one size fits all solution, it takes multiple solutions, policies, practices, and so on to build layers of protection. The Cybersecurity and Infrastructure Agency, CISA, offers “four easy ways” to keep your business safer. Let’s dive deeper!
Strong passwords
Protecting online accounts is one of the most important steps in protecting a business. This means having strong passwords on every account, enforced through a password policy. Strong passwords are passwords with a minimum of 16 characters, but go longer when possible. Strong passwords also have upper and lower case letters, numbers, and special characters. It is also crucial to never reuse passwords for multiple accounts or to have similar passwords for multiple accounts. Strong passwords also do not contain searchable information about yourself. This can be things like the schools attended, children’s names, favorite sports teams, and so on.
This can be a really daunting task, but this is where password managers come in handy. Password managers can create complex, unique, random passwords that aren’t reused for every account needed. They are also kept in a secured location, making it more difficult for cybercriminals to access them.
Multifactor authentication
Unfortunately having strong passwords isn’t always enough. So to add an additional layer to securing online accounts, enabling multifaceted authentication, MFA, will make it even more difficult for a cybercriminal. MFA is something you know (username and password), something you have (a smartphone, USB key, authenticator app), and something you are (biometrics).
MFA adds an extra step, usually in the form of a text message with expiring passcode, a push notification, a USB key, password authenticator app, or biometrics. It is strongly encouraged to use a USB key or another physical device as the extra authentication step. This is because text message MFA is more likely to fall victim to a cyberattack than the other methods. MFA should also be enabled for every account if possible. At minimum consider enabling MFA on email accounts, financial accounts, social media accounts, and other business critical accounts.
Come back next week for the other two “easy ways” to keep your business safer as we continue our celebration of Cybersecurity Awareness Month 2024!
Subscribe to our monthly email newsletter to keep your small business up-to-date on all the latest cybersecurity news! For more information on protecting your small business from cyberattacks and other cybersecurity topics check out Small Business, Big Threat!