Since the start of COVID-19, we have seen an increase of cyber threats to the order of 600%, making it more imperative than ever for small- to medium-sized businesses to adhere to basic security controls. This article reinforces my ALCC presentation in May 2021 that pointed out some fundamental steps that every business can take to reduce their likelihood of being impacted by these threats.

Both employees and the businesses can take to help reduce the likelihood of serious breaches. Threat actors know no boundaries nor do they distinguish between small or large businesses. The majority of them are purely after financial gain. This usually comes in the form of fake emails phishing you to click on a link or encouraging you to rapidly move funds to a newly established account. Determining these fake identities and assets is becoming more difficult as the threat actors reuse actual graphics, terms and phrases of real companies.

Tips for businesses

Here are some steps that can protect businesses when working online. Though the steps may sound familiar, they require implementation to be effective.

1. Don’t reuse passwords between business and personal systems.
2. Check your passwords for validity upon first use. This can be done at https://haveibeenpwned.com/Passwords.
3. Tune the business email access controls.
1. Set geographic limitations. Do you travel outside the U.S. for business? If not, disable non-U.S. access
2. Eliminate concurrent access. Most people are not accessing their email from more than one phone or desktop at a time.
4. Add monitoring to core business systems. Security monitoring can help identify and stop real attacks.

Along with these steps, if the business is able to set up multifactor authentication (MFA) for its financial systems and email, it will help undermine these threats.

Tips for everyone who is online

1. Ensure your passwords have not already been in a breach, just as business should. https://haveibeenpwned.com/Passwords
2. Use a password manager like 1Password or LastPass.
3. Use a separate email for junk, ads, free giveaways, etc.
4. Ask questions about how vendors or systems use your data and know your rights.
1. Share as little personal information as possible.
2. Monitor your online bills and bank accounts.
3. Freeze your credit, as needed.
5. Don’t click on links in email.

We hope you implement these quick tips to help you create a better security posture and reduce the likelihood of serious impact from the growing cyber threats.

Carlin Dornbusch is president of American Cyber Security Management, whose mission is to help enterprises protect their data from internal and external threats. For more information go to  https://www.americancsm.com.

 Read more in this issue of Colorado Green Now:
Landscape pros react to Marshall Fire
Legislative priorities emerging for 2022
See you at ProGreen
Happy 60th ALCC!