Cybersecurity

Cybersecurity is critical for businesses of all sizes. These 18 tips can help you secure your computers and mobile devices from malicious actors.

  • Hackers are criminals who obtain unauthorized access to devices and networks, mainly with the intention to steal sensitive data, such as company secrets or financial information.
  • You can safeguard your computers by using firewalls and antivirus software and by following best practices for computer usage.
  • You can safeguard your mobile devices by turning off Bluetooth when not in use, being mindful of the Wi-Fi networks you connect to and using security apps to improve supervision and protection.

The growth of the World Wide Web in the 1990s created new possibilities and spawned new industries, however it also introduce new downsides of connectivity. Tons of spam began to infiltrate email accounts, and viruses on computer wreaked havoc on business networks. A new threat known as computer hacking enlarged the definition of thievery to include infiltrating your computer, tricking you into revealing private data, and using that data to steal or extort personal information, such as bank account credentials, business secrets and even people’s identities.

What are computer hackers?

Computer hackers are those who break into internet-connected devices such as computers, smartphones and tablets, usually with the intention to steal, delete or change information.

Just as other thieves have malicious intention, hackers normally find their way into devices for negative motives. (Although, one exception is so-called white hat hackers, whom firms hire to break into their devices to find security cracks that needs to be fixed.) Hackers may want to steal, delete or change information in your devices and they often do so by installing malware (software used for malicious purposes) you may not even know is there. These thieves may gain access to your most precious data before you’re aware of a break-in.

Key takeaway: Hackers are interested in obtaining unauthorized access to your devices to steal or alter sensitive data.

Types of hacking

Here are some of the motives why computer hackers break into devices:

  • Financial crimes. We have all heard the classic story of someone checking their credit card statement, just to find transactions they didn’t make. These false transactions are usually the result of computer hackers stealing your credit card numbers, checking account information or obtaining access to other financial data.
  • Vandalism. Hacking has its own subculture, so some hackers might want to vandalize certain websites only to show off to other hackers. Does it sound absurd? Don’t make the mistake of not taking this motivation seriously; it’s fairly regular, according to Malwarebytes..
  • Hacktivism. This portmanteau describes a form of hacking somewhat like vandalism. Some hackers may want to alter or destroy certain websites for politically motivated reasons.
  • Corporate espionage. Spying existed long before the internet era, and hacking has only made espionage more accessible to the everyday person. With much of the world constantly connected to the internet, one company can hack into other companies’ devices to steal their information and use it to build an unfair competitive advantage.

Key takeaway: Hackers have a variety of motivations, ranging from financial gain to political goals. Awareness of these intentions can help you anticipate attacks that could affect your small business.

How to secure your computer from hackers

Despite the prevalence of computer hackers, most businesses rely on the internet to track their financials, order and maintain inventory, conduct marketing and PR campaigns, connect with customers, engage in social media, and perform other critical operations. Yet we continue to hear about massive computer breaches, even at giant corporations with robust security measures in place.

Small businesses are often targets as well, especially because they may underestimate the risk of cybercrime and may not have the resources to employ expensive cybersecurity solutions. Follow these tips to protect your devices and safeguard your sensitive data:

1. Use a firewall.

Windows and macOS have built-in firewalls – software designed to create a barrier between your information and the outside world. Firewalls prevent unauthorized access to your business network and alert you to any intrusion attempts.

Make sure the firewall is enabled before you go online. You can also purchase a hardware firewall from companies such as Cisco, Sophos or Fortinet, depending on your broadband router, which also has a built-in firewall that protects your network. If you have a larger business, you can purchase an additional business networking firewall.

2. Install antivirus software.

Computer viruses and malware are everywhere. Antivirus programs such as Bitdefender, Panda Free Antivirus, Malwarebytes and Avast protect your computer against unauthorized code or software that may threaten your operating system. Viruses may have easy-to-spot effects – for example, they might slow your computer or delete key files – or they may be less conspicuous.

Antivirus software plays a major role in protecting your system by detecting real-time threats to ensure your data is safe. Some advanced antivirus programs provide automatic updates, further protecting your machine from the new viruses that emerge every day. After you install an antivirus program, don’t forget to use it. Run or schedule regular virus scans to keep your computer virus-free. [Looking for antivirus software for your business? Check out our picks for the best antivirus software.]

3. Install an anti-spyware package.

Spyware is a special kind of software that secretly monitors and collects personal or organizational information. It is designed to be hard to detect and difficult to remove and tends to deliver unwanted ads or search results that are intended to direct you to certain (often malicious) websites.

Some spyware records every keystroke to gain access to passwords and other financial information. Anti-spyware concentrates exclusively on this threat, but it is often included in major antivirus packages, like those from Webroot, McAfee and Norton. Anti-spyware packages provide real-time protection by scanning all incoming information and blocking threats.

4. Use complex passwords.

Using secure passwords is the most important way to prevent network intrusions. The more secure your passwords are, the harder it is for a hacker to invade your system.

More secure often means longer and more complex. Use a password that has at least eight characters and a combination of numbers, uppercase and lowercase letters, and computer symbols. Hackers have an arsenal of tools to break short, easy passwords in minutes.

Don’t use recognizable words or combinations that represent birthdays or other information that can be connected to you. Don’t reuse passwords, either. If you have too many passwords to remember, consider using a password manager, such as Dashlane, Sticky Password, LastPass or Password Boss. [See related article: How to Create a Strong Password]

5. Keep your OS, apps and browser up-to-date.

Always install new updates to your operating systems. Most updates include security fixes that prevent hackers from accessing and exploiting your data. The same goes for apps. Today’s web browsers are increasingly sophisticated, especially in privacy and security. Be sure to review your browser security settings in addition to installing all new updates. For example, you can use your browser to prevent websites from tracking your movements, which increases your online privacy. Or, use one of these private web browsers.

6. Ignore spam.

Beware of email messages from unknown parties, and never click on links or open attachments that accompany them. Inbox spam filters have gotten pretty good at catching the most conspicuous spam. But more sophisticated phishing emails that mimic your friends, associates and trusted businesses (like your bank) have become common, so keep your eyes open for anything that looks or sounds suspicious.

7. Back up your computer.

If your business is not already backing up your hard drive, you should begin doing so immediately. Backing up your information is critical in case hackers do succeed in getting through and trashing your system.

Always be sure you can rebuild as quickly as possible after suffering any data breach or loss. Backup utilities built into macOS (Time Machine) and Windows (File History) are good places to start. An external backup hard drive can also provide enough space for these utilities to operate properly.

8. Shut it down.

Many businesses, especially those operating a web server, are “all systems go” all the time. If you’re not operating a complex internet-based company, however, switch off your machine overnight or during long stretches when you’re not working. Always being on makes your computer a more visible and available target for hackers; shutting down breaks the connection a hacker may have established with your network and disrupts any possible mischief.

9. Use virtualization.

Not everyone needs to take this route, but if you visit sketchy websites, expect to be bombarded with spyware and viruses. While the best way to avoid browser-derived intrusions is to steer clear of unsafe sites, virtualization allows you to run your browser in a virtual environment, like Parallels or VMware Fusion, that sidesteps your operating system to keep it safer.

10. Secure your network.

Routers don’t usually come with the highest security settings enabled. When setting up your network, log in to the router, and set a password using a secure, encrypted setup. This prevents intruders from infiltrating your network and messing with your settings.

11. Use two-factor authentication.

Passwords are the first line of defense against computer hackers, but a second layer boosts protection. Many sites let you enable two-factor authentication, which boosts security because it requires you to type in a numerical code – sent to your phone or email address – in addition to your password when logging in.

12. Use encryption.

Even if cybercriminals gain access to your network and files, encryption can prevent them from accessing any of that information. You can encrypt your Windows or macOS hard drive with BitLocker (Windows) or FileVault (Mac), encrypt any USB flash drive that contains sensitive information and use a VPN to encrypt web traffic. Only shop at encrypted websites; you can spot them immediately by the “https” in the address bar, accompanied by a closed-padlock icon. [See related article: A Small Business Guide to Computer Encryption]

Key takeaway: Combining security tools and best practices can protect your computers and your network from unauthorized access.

How to secure your phone from hackers

To secure your mobile device, you may need to take different security measures than you would to secure a computer. Follow these tips from Webroot to help you protect your mobile devices from hackers:

13. Turn off Bluetooth.

When you’re not using Bluetooth, turn it off. Keeping your Bluetooth on but dormant opens another back door for computer hackers.

14. Don’t use unsecured public Wi-Fi.

Password-free, widely used Wi-Fi networks have no security features. As such, they’re prime targets for computer hackers.

15. Get a security app.

Install a security app on your phone, just as you should install a firewall, antivirus software and an anti-spyware package on your computer. Popular options include Avast, Kaspersky Mobile Antivirus and Bitdefender.

16. Use a better passcode.

Unlock codes like 0000 and 1234 are easy to remember, but they’re also easy to guess. Instead, opt for a randomly generated, six-number passcode.

17. Switch off autocomplete.

Autocomplete is the feature that guesses what you’re typing and completes the word, phrase or other information for you. While convenient, this tool all but hands your email address, mailing address, phone number and other important information to hackers. Switch it off.

18. Clear your browsing history.

Your mobile web browser has a browsing history, too. Clear it often – including cookies and cached files – to give hackers as little information as possible to work with if they do break into your phone.

Key takeaway: Mobile devices require additional efforts to protect, including deactivating certain features when they’re not in use and installing security applications.

Only 2 in 5 organizations report that they are prepared to navigate new cyber-security exposures arising from rapid digital evolution, according to Aon’s new 2021 Cyber Security Risk Report.

Financial institutions, accustomed to being under intense regulatory scrutiny, have long set the standard for defending against the world’s top cyber adversaries, from hacktivists to terrorists to state-sponsored organizations.

Yet even large wealth management firms can be taken by tried-and-true “social engineering” ploys. Increasingly, criminals are purchasing social security and date of birth information on the dark web, the nefarious part of the internet where illicit activity occurs. With that information in hand, they go through the call centers of wealth management firms, pretend to be their clients, sell securities and have the money transferred to their own accounts.

“While financial institutions

have set the bar for many other commercial sectors in terms of cyber security, even they can fall prey to insider threats and low-tech social engineering attacks,” says Eric Friedberg, co-president of Aon’s Cyber Solutions, the cyber-risk management division of the international consultancy.

As cyber adversaries continue to probe the seams of companies’ defenses for vulnerabilities, they are also attacking in new ways, such as through third-party suppliers. In one infamous case, hackers inserted malicious code into a technology company’s software system so it could spread to clients. “Advanced adversaries are now trying to gain control of and weaponize the very tools that security professionals rely on,” Friedberg says.

Taking Advantage of Disruption

Many companies are struggling to deal with these new threats. According to the Aon report, only 21% of organizations report having baseline measures to oversee critical suppliers and vendors. “There’s a real need to spend more energy helping our third parties with their security,” says Tim McNulty, chief security officer at Barclays. “I can control my side of risk, but it’s difficult for me to extend that control to my supporting industries.”

Digital transformation—spurred by the

COVID-19 pandemic—is an exercise in balancing risk and reward. While global financial firms are skilled at building layered defenses, Friedberg says, “there

is so much disruption emanating from the move to cloud, mobile apps, online banking, blockchain and retail trading platforms that rapid digitization has also become a collective seam that cyber adversaries seek to exploit.”

Since cyber criminals and nation-states are constantly innovating, financial institutions must keep pace. Rich Nolan, managing director for cyber investigations at Citigroup, says companies must embrace zero trust architecture to deal with issues like the surge in remote workers during the pandemic. It’s a security concept around why an organization should not trust anyone inside or outside its perimeters—and should verify any request for connecting to its systems, even if the request appears to be coming from an employee.

“At airports, going through security once doesn’t mean you have access to every plane in the future,” he says. “That’s the principle of zero trust.”

Responding to Ransomware

In the face of new risks, financial institutions must reimagine software supply chain security, accelerate near-same-day patching when critical vulnerabilities are announced and reimagine disaster recovery as the nature of ransomware changes.

As the Aon report notes, “Ransomware became a headline risk for insurers and insureds alike, as activity grew dramatically—up 400% from the first quarter of 2018 to the fourth quarter of 2020.” The report identifies that ransomware is no longer a matter of criminals simply freezing computer systems until a payment is made. Now, data may be extorted, breached or even erased, increasing the risk of business disruption.

While global financial institutions have high levels of cyber maturity, the scale at which they operate can also create challenges. The sheer geographic and cultural diversity of a global financial firm can create a host of problems. Risk is heightened just by being on a foreign IT backbone. When a cyber incident occurs, coordinating the response across borders can raise additional issues.

McNulty sees the next wave of security innovation being in cyber recovery, where companies are enabled to get over the inevitable attacks faster. “We are going to keep evolving about being smart in how we use technology,” he says. “You need a cohesive security culture across the organization—and a mentality of how you adopt technology where you build resiliency in by design.