Companies like Equifax and Marriott faced expensive consequences in 2019 for the data breaches they suffered. Here's how to avoid being the next victim facing serious legal and recovery fees.
.jpg?width=600&name=Pro%20tip_%20Not%20all%20hackers%20wear%20black%20hoodies%20%3B).jpg)
Keep reading below for tips on avoiding a costly breach, but can we also end the stock photography trope of portraying hackers as guys who only wear sweatshirts?
If there is one cybersecurity trend emerging in 2020, it's that consumers and clients plan to hold organizations liable for the protection of their personal information and sensitive data.
For small business owners, the aftermath of a breach can be more severe than the millions in legal fees and settlements that enterprises like Facebook have to pay.
Small businesses have so much more to lose. One breach could cause a small business to close its doors for good. Did you know that over 14 million small and midsize businesses (SMBs) were affected by data breach catastrophes last year?
Fortunately, there are some effective ways to protect your business from many common cyber attacks and breach attempts.
Invest in Employee Security Training--like Phishing Tests
90% of cyber attacks begin with a phishing email (according to Sonicwall).
In order to beat the bad guys at their own game, many organizations have started to run realistic simulations of phishing attempts on their own employees. 
Tweet this! =>
When these tests are run in conjunction with on-going employee training on email security and password management, it can help reduce the number of vulnerabilities a business has.
To be effective, these tests should be developed by a trusted vendor and administered by IT professionals.
Gamify Your Staff's Commitment to Cybersecurity
At PTG, we recommend using Microsoft's Secure Score--a measurement tool that gives administrators points for taking various actions, such as configuring recommended security features or performing security-related tasks (like regularly reviewing logs) to increase an organization's overall score.
Administrators get powerful visualizations of the metrics, security trends, and weaknesses of their users within their tenant.
If you're using Office 365, Secure Score is a robust tool to help you stay more secure. PTG can help your organization to set this up and even monitor the results for you.
Regardless of whether you are using Microsoft licensed products, consider adding a third-party service that includes employee scoring among its security offerings. Employee error is still the largest enabler when it comes to an organization's vulnerability to a breach. Knowing where every staff member stands when it comes to security knowledge and practice should not be overlooked.
TIP: Reward employees who pass the most phishing tests or have the highest scores on security assessments, or acknowledge the one's who make the largest improvements to their security awareness over a set time.
Configure Multi-Factor Authentication for Your Organization
When it comes to modern security, you must think of taking a layered approach. All Office 365 users should enable MFA for all of their users-across devices.
Why? Because 81% of data breaches leverage stolen or weak passwords, which are often for sale on the Dark Web.
MFA works by requiring two of the following verification methods at log-in:
- Something you know (typically a password)
- Something you have (a trusted device that is not easily duplicated, like a phone)
- Something you are (biometrics)
Requiring this extra step provides a significant challenge for anyone trying to breach an account (even when the password is known). Weak or stolen passwords are used in 95% of successful attacks-having just a password is no longer a safe way to protect your data.
Even though MFA has been proven to stop hackers in their tracks, organization-wide adoption can be a challenge. Workers might complain about the extra security hoop they have to jump through to access their accounts, but we've found that companies how are open about the reason behind requiring multi-factor authentication, face less pain of adoption.
Cybersecurity is Every Users Responsibility
No worker wants to be the one who clicked the malicious link, failed to secure personal data, or allowed their login info to fall into the wrong hands. One of the things that makes these 3 measures effective is that they all empower users to take an active role in their organizations security policy.
If your business or non-profit needs help with employee training, security evaluation, or configuring authentication processes like MFA, we'd be happy to help. Click here to get in touch today.
