7 things business owners need to do in 2021


Global cybercrime trends mean annual damage will reach $10.5 trillion by 2025, or $11.4 million in damage suffered per minute and $16.4 billion per day. Not only is cybercrime one of the fastest growing markets on the planet, according to Cybercrime Magazine, it also represents the greatest wealth transfer in human history.

Successful cyber attacks often begin by targeting company employees through social engineering, psychologically manipulating people to perform actions, including disclosing confidential information or granting access to critical infrastructure. Social engineering is the primary means for cybercriminals to access sensitive data, infrastructure, and money.

Adam Anderson is co-founder of Hook Security, which offers cybersecurity awareness training, and Managing Director of Ansuz Capital, a cybersecurity venture capital fund. With twenty years of experience in the cybersecurity field, Anderson pioneered and created a new field of study within Security, Psychological Safety (PsySec), to tackle the epidemic of social engineering.

Based on an interview with Anderson, here are seven things business owners can do to prevent and survive a cyber attack.

Perform regular backups

Making backups of your critical data is, well, critical. It mitigates the risks if you are the target of a ransomware attack, thus reducing the impact by allowing you to reliably recover your data. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Ransomware is serious business; Garmin reportedly paid a ransom of $10 million when its systems were hacked in 2020.

Anderson recommends that you “use cloud-based tools like Dropbox, Google Drive, and Box, instead of just storing files on your computer.” Configure them to automatically back up your important information. “While it is true that online companies like Microsoft, Google and Apple are being hacked, they are still much better than you when it comes to security,” he added. With cloud-based programs, should the worst happen, you can simply “rebuild the computer or get a new one and reconnect to your applications,” which means you’re down for “hours, not weeks.”

Take out cybersecurity insurance

According to Anderson, cybersecurity insurance policies are valuable in two main ways. First, they help reduce the impact of a cyber attack by paying back your losses and providing resources for recovery. Second, “they explain exactly what they need to see from your security posture to secure payment on the policy.” By simply adhering to the insurance requirements, your protection will be higher.

Anderson recommends that the policy you adopt “come with a disaster recovery team, financial payment, and clear instructions on what you need to do to be compliant,” but says “there really is no significant difference” between the suppliers.

Automatic updates

Another area of risk arises from security issues within the software your business uses, including the programs already installed on its devices. But before you throw away your laptop, be aware that most of these vulnerabilities have probably already been discovered and fixed in the latest version of the software. This means that software updates are essential.

Anderson explained that “the technology and the paths used to break into a machine depend on the loopholes in the system that hackers can exploit.” The computer industry announces fixes to these holes on so-called Patch Tuesday, when software updates are made available to all users. But it is not that easy. “Cyber criminals know that most people will not update their machines, and they immediately deploy new attacks that rely on the presence of these security holes.” Updates are essential to stay secure. “By updating your computer, you thwart the majority of automated attacks that hit users thousands of times every day.”

Two-factor authentication

A password is only one factor of authentication, and “deciphering a username and password can be very easy.” Cybercriminals will either “trick you into giving them the information” or “decipher it using technology”. By setting up two-factor authentication (2FA), more information is needed and access to your accounts is much more difficult. Yes, it’s painful, but Anderson thinks it’s worth it.

“When 2FA is in place, even though they have your username and password, they can’t log in because they don’t have your key fob, phone, or whatever they need.” Two-factor authentication typically takes the form of a phone app or a text message with a code you enter when signing in. “Almost all apps have 2FA. Check out the help section of their websites and follow the instructions. Please note, do not store your 2FA in a 1FA location.” Programs like LastPass offer to store your 2FA codes securely, but LastPass only requires 1FA to log in. If in doubt, keep them separate.

Use non-administrator accounts

“Don’t allow yourself to accidentally hurt yourself,” Anderson pleads. Multiple logins can protect you. For each program you use, “create a non-administrator account for your computer and perform your daily access using that account”. It makes sense. Keeping your primary accounts intact and accessing them with reduced administrator rights means “a reduced likelihood of you installing harmful software by accident.”

If you don’t need full daily access to your programs, why needlessly open yourself up to exploitation? Write a list of your software and create new user accounts to further minimize risk.

Surf while traveling

Working from new locations presents an additional risk. In a quest to be productive while traveling, unsecured WiFi networks are tempting. What can go wrong, right? A lot. Working remotely, from cafes and hotel lobbies, is more risky than connecting to your home network, but most of it is unavoidable.

Anderson recommends that you use a “virtual private network (VPN) to protect your data while you are accessing it”. VPNs encrypt your internet traffic and conceal your online identity, making hackers more likely to target someone else. Protect yourself further: “never use WIFI networks that do not have a password because many of them are hacked”. It wouldn’t be difficult for a hacker to log in directly to your computer and “log your keystrokes, your camera or your microphone, and all your files.” It’s not worth it. Instead of relying on the shady internet in coffee shops, “pack a portable router, tether to your phone, or stay offline.”

Think like a hacker

Gadgets and programs aside, “the most important part of it all is training your brain.” Think like a hacker to fill the holes they are going to exploit. Know what they’re looking for to make sure they can’t find it. Cyber security awareness training programs are a way to “train you and your employees to spot scams and stay safe”. Knowing the difference between a real email and a phishing attempt, as well as locking down data and software, can save thousands in damage to property, mind and reputation.

What is the value of your data and software? How much do you value your peace of mind? A few steps are enough to deter hackers, reducing the risk of a successful cyber attack and the impact it has on your organization.