What is a cyberattack? Defined as simply as possible, a cyberattack is any attempt by hackers to damage or destroy a computer network or system.
A cyberattack can come in multiple forms: a virus, a worm, a Trojan horse, phishing, ransomware. It can approach from the “inside” (a fake email delivered directly to your in-box trying to get you to click on a link), it can approach from the “outside” (attempts to circumvent your website’s security), or it can “surround” you when you’re surfing or shopping online (sleek-looking imposter websites that want you to download various types of files or purchase various types of goods and services).
A cyberattack can look totally legit (like an email from your bank or credit card company), or it can look suspect from the get-go (URLs that just don’t compute or language that doesn’t seem like it was written by a native English speaker). It can go after tangible property (your computer devices), or it can go after intangible assets (the data and client information on your website).
This modern form of warfare is pernicious and pervasive. It poses a threat worldwide, to all types of industries. It can infiltrate large and small entities alike. And yet, according to the Capacity Group, the vast majority of U.S. small businesses lack a formal Internet security policy for employees, and approximately only half of them have basic cybersecurity measures in place, believing they’re “too small” to be targeted. It’s not surprising, then, that the Ponemon Institute reports that 67% of businesses were victims of cyberattacks and more than 50% experienced data breaches in the past 12 months. Furthermore, a 2019 report by ProofPoint reveals that 83% of its survey respondents experienced phishing attacks in the previous year.
Cyberattacks are such a common occurrence these days that even the Department of Homeland Security plays a role in educating the American public on what they can do to protect themselves and has launched a campaign called Stop.Think.Connect.
As frightening as all this sounds, you do have a good deal of control over whether or not a cyberattack hits its mark. Here are some things you can do to prevent opening the door when a cyberthreat comes knocking:
- Have a firewall in place and antivirus software on all of your business’s computers. Then keep everything up-to-date: your security software, your operating system, your browser. Security updates and patches are usually free and can be set to automatically update.
- Likewise, keep your website’s security and plug-ins up-to-date. Install SSL certificates and activate https protocols for all your web pages and subdomains. Check with your website hosting company that you have a firewall in place here as well, along with DDoS and malware protection and other related security.
- Do not click on links embedded in emails you’re not expecting. When at all in doubt that the email has come from an authentic source, it’s safer to just close the email and go directly to the company’s website via your own browser, where any valid offers or information will be available. You can also call a company directly to confirm validity.
- The same applies to text messages—just don’t click. Instead, go to the site yourself and log in directly.
- Do not open email attachments and do not download emailed files unless you’re absolutely sure where they came from, like your boss or your colleagues.
- Do not download files from the Internet, either—books, movies, TV shows, music—unless you yourself typed in the legitimate URL and you know exactly what site you’re on.
- Keep confidential information confidential. When you’re asked for personal information on any website, make sure the URL prefix is https:// and not just http://.
- Be password savvy. Use long and difficult strings of characters, both upper- and lowercase letters, both numbers and symbols. Set a schedule to change passwords regularly.
- Train employees on cybersecurity measures—especially how to recognize phishing emails—reminding them repeatedly and often what they need to do to keep the company’s devices and property safe. Human behavior is the number one way hackers get into systems.
- Limit employee access to data and information, as well as authority to install software.
- Secure your Wi-Fi network, making sure it’s secure and hidden.
- Have a backup. If, despite all these preventative steps, you still get hit with a cyberattack, having a backup of all your files will get you back in business much sooner and much easier than starting all over from scratch.
Here’s the bottom line: There’s software that can pose serious cyberthreats to your business and its assets. But there’s also software that can effectively shield you from those threats. It’s true that nothing can get the bad guys from getting in if your own finger clicks on their malicious invitation, but you can put a cybersecurity plan in place—both for your website and for your computer devices—to head them off at the pass.
Contact RWS Consulting today at 202-409-8113 for a cybersecurity consultation that can help arm you against modern-day threats.