- Use multi-factor authentication where possible
- Beware of phishing emails
Multifactor Authentication
Why make it a pain to sign into websites and systems? A long password is bad enough as it is!
In the event an attacker gets ahold of your password, having MFA requires the attacker to have access to your phone or other device to receive the MFA code or “yes/no” prompt. Multifactor authentication is actually one of the best controls you can implement in your business and personal life to reduce the risk of an account being hacked. In fact, it can reduce the likelihood by up to 99%*. The extra step of entering a code all of a sudden doesn’t seem so bad…
*https://www.cisa.gov/MFA
Beware of Phishing
Phishing emails are the number one method of starting a data breach, being used in an overwhelming 90+% of attacks. Identifying phishing emails is crucial to staying secure.
We’ve all seen phishing emails: from “reset your password in 24 hours” to “you’ve received a secure email message,” phishing emails can take a number of forms. Phishing emails often have content that:
- Is time sensitive with serious repercussions (e.g. “reset your password in 24 hours or your account will be deleted”).
- Includes a sender email address or links that appear to not match the actual destination address. The link appears to be harmless, but actually leads to a malicious website.
- Contains spelling or grammatical errors.
- Requests personal information unreasonably or unexpectedly.
Here are some tricks for identifying phishing emails:
- If you are on a computer, hover your mouse cursor over the sender’s email address or a link in the email (be careful not to click) and check the actual address to see if it’s suspicious. Give it a try here. Do the addresses match? https://www.goplaidit.com/
  *Hint* Look in the bottom left of your web browser to see the actual address.
- If the email prompts you to reset your password for a website, update personal information, etc., go to that website using a known/trusted method, such as a bookmark, Google, or typing the correct address in yourself. Do NOT click the link in the email.
- If you receive a suspicious email that appears to come from a colleague or other person you know, give the person a call to confirm.