On Wednesday, the latest large cybersecurity issue reared its head with a phishing scam aimed at Google Docs/Gmail users.
In this case, the scam tricked users into granting access to their Google account through a fake Google Docs link. It could then use that access to email others in the users' address books to spread itself.
While this one seems to have been brought under control and access disabled by Google, it doesn't change the fact that any company needs to make sure it is protected from cyber challenges. This is especially important for small businesses that probably don't have a full-time (or any) IT support.
With employees accessing work accounts from personal devices, checking personal mail on company devices or simply dealing with their everyday responsibilities, there's plenty of exposure out there for small businesses. With that in mind, here are a few tips to protect yourself:
- Invest in virus protection and firewalls - I shouldn't have to say this, but make sure you have updated (and activated) protection for your devices
- Backup your information regularly - Whether it's to the cloud (my preference) or backup hard drives, make sure your key data and the information you need to run your business is regularly backed up. Make sure the back-ups are regularly moved to a separate location. This protects you not only from a virus or ransomware attack, but also from natural disasters or fires.
- Require complex passwords and make employees change them frequently - And make sure "password" or "1234" aren't acceptable. The longer the better.
- Review access to company accounts - As employees come and go, have you changed passwords to accounts multiple people had access to, such as social media?
- Consider limiting personal use - As long as employees have access to the internet, they're probably going to be using it to do some personal surfing. At the same time, limiting access to certain sites can help protect your network.
- Create rules for device access - It's pretty common practice now for employees to check work email, for example, on their own phone, tablet or computer. This can be an easy gateway for problems, so make sure to educate employees on smart usage of these personal devices as well.
- Hire the right help - Even if you can't afford full-time IT help, there are plenty of companies you can hire on a regular or as-needed basis to address these issues. Do your homework and check out references, then bring someone in to make sure your network is secure and to help devise a policy -- and be on call when some employee inevitably ignores that policy.