In 2020, the FBI reported over a million cybercrime complaints, mostly from identity theft. The Federal Trade Commission received 4.8 million cybercrime complaints in 2020, up from 3.3 million in 2019. According to the Internet Crime Report, the cost to victims was $6.9 billion in 2021.
The time period reported in these statistics corresponds to remote work due to the COVID-19 pandemic, which should serve as a warning to businesses and individuals who have not taken steps to protect their sensitive information from hacking, phishing, or malware. With increased remote work, business owners should think about ways to protect the information they store online and in the cloud.
There are some simple, low-cost solutions that can provide protection.
1. Train employees
Implement a training program for employees that teaches them what to look for and gives them a reporting mechanism for possible breaches. Scammers know how to make their emails look real. Make it a company policy to check the URLs of emails before opening attachments or clicking on links.
2. Create a virtual private network (VPN)
Establishing a VPN is a good way to protect information, especially when people work remotely. A VPN allows users to send and receive data as if their computing devices were connected to a private network. Keep in mind that while VPNs protect IP addresses and encrypt internet history, they do not act the same way as antivirus or antimalware software. In addition, be aware that not all VPNs use the proper security standards or promptly fix issues.
3. Install strong passwords
A strong password policy is key. Using two- or multifactor authentication is an important safety feature because it requires users to identify themselves. With two-factor authentication, the user will need to know the verified user name and password as well as a personal identification code.
Another way to protect passwords is through the use of a password manager. Password managers either store passwords in an encrypted database or generate passwords on demand. Such programs may also have other functions, such as autofilling forms or storing credit card information.
There are three types of password managers:
- Desktop password managers store passwords locally on the user’s device.
- Cloud-based password managers store encrypted passwords on the service provider’s network.
- Single sign-on password managers allow users to use one password for every application.
4. Keep software current
Be sure all software is automatically updated and the latest safety patches are installed.
5. Use role-based access control
Restrict access to sensitive information by restricting employees to a need-to-know basis. Such systems allow employees access only to the information they need to do their jobs.
6. Establish backup and recovery protocols
Install automated remote backup and data recovery to allow a copy of critical data to be stored in a secure offsite location.
Businesses need to put cybersecurity practices at the top of their priorities. Some of the measures listed here do have associated costs, but those costs need to be weighed against the tangible and intangible costs of a breach.