5 Steps to Protect Against Cybercrime

Running a business requires a lot of determination and sometimes a leap of faith. Every day brings new challenges, and often it can feel like the stress and uncertainty are too much. That’s when you remind yourself why you took the leap - the satisfaction of realizing your own vision. 

With that kind of commitment, your business can almost feel like a second home. And just like you protect your physical home, it’s critical to modernize cybersecurity for your business. Did you know:

• 43% of all cyberattacks target small businesses (and sadly, 60% of those businesses will permanently close their doors within six months of the attack.)¹

But how do you stay one step ahead of the unsavory characters looking to sabotage your business? Here are 5 steps to help protect your business. 

1. Monitor around the clock
A simple move to cloud-based security can give your business an edge in terms of making protection one less thing to worry about. Currently, the Microsoft Cloud: 

• Tracks and analyzes 43 trillion threat signals daily.² 
• This includes 35 ransomware families.²
• As well as more than 250 unique nation-states, cybercriminals, and other threat actors.² 

That enormous breadth of protection are built into Microsoft 365 Business Premium. It delivers enterprise-grade protection against viruses, spam, unsafe attachments, suspicious links, and phishing attacks. You’ll also get protection against ransomware and malware attacks, along with antivirus and endpoint detection and response capabilities.

2. Update the locks
Break-ins in the neighborhood often give us the push we need to replace any worn-out locks or add a security light.

Similarly, protecting your business starts with one simple step - updating your existing systems. Microsoft continually releases updates, however it’s important to make sure your computers are configured so that they’re downloaded. This is one of the most important things people can do to protect themselves.

Also, make sure your business maintains an up-to-date IT inventory. With the move to remote and hybrid work, the phenomenon of BYOD is now common. As part of M365 Business Premium, Defender for Business has threat and vulnerability management built-in, allowing you to secure multiple devices with a single tool.

Businesses can further protect themselves with regular data backups. Ransomware attacks increased by 300% in 2021. But ransomware attacks against your business data can be thwarted by regularly creating backup copies of your important files. Automating your backups according to a set schedule can help your business maximize limited resources while avoiding potential human errors.

3. Hide your keys well
Most of us keep a spare house key hidden under a rock or potted plant, but everyone knows better than to put the key under the mat. 

It’s the same way with passwords. If it’s easy, someone will find it. It shouldn’t be ABCD1234. A recent survey found that among the most common passwords still in use, 'password' and 'Qwerty' are on top of the list.³  

In every cybercriminal’s toolkit is a kind of brute force attack known as password spray.⁴ Simply put, an attacker acquires a list of accounts and runs through a long list of common passwords attempting to get a match. Since most businesses have a naming standard for employees (firstname.lastname@company.com), adversaries can often get halfway in your door just by using the information found on your website.

Your business could consider eliminating passwords entirely with Windows Hello or FIDO2 security keys that let users sign in using biometrics or a physical key or device. Short of going passwordless, MFA is your best bet to generate secure access for your business. MFA requires users to verify their identity through an additional factor, such as a one-time password sent over email or text message. Other verification factors include answering personal security questions or using face or voice recognition.

4. Don’t open the door to just anyone
There’s a reason for the popularity of video doorbells. It’s simply unwise to open the front door without knowing who’s on the other side.

For the same reason, every business should stay up-to-date on the latest phishing and social engineering scams that bad actors use to seek entry into your business. In 2022, the most common causes of cyberattacks were malware (22%) and phishing (20%).⁵ Threat actors have figured out that people are the weak link (85% of breaches involve a human element), and are ramping up the frequency and sophistication of their attacks.⁶ However, most phishing emails still rely on recognizable ‘hooks’ that we can all learn to spot, such as:

• Request for user credentials or payment Information. Never click the link. Instead, type the business’ URL into your browser and go to your account directly.
• An unfamiliar tone or greeting. Phishing emails are often created offshore, so look for irregular syntax or tone that’s too formal, too familiar, or an odd mix of both.
• Grammar and spelling errors. Legitimate businesses take time to proofread their emails before sending them.
• Inconsistent email address or a 'lookalike' domain name. A phishing email address or domain will usually be slightly off (for example, microsotf.com instead of microsoft.com).
• Threats or a sense of urgency. Scammers often try to scare you into clicking the link with headlines like: “Update your account information now or lose access!” If in doubt, type the URL in your browser and go to the site directly.
• Unrequested attachments. If you weren’t expecting an email from this sender, don’t click the attachment. Instead, open a new email (don’t respond) and inquire if the email and attachment are genuine.

Both Defender for Business and Defender for Office provide protection against advanced phishing, malware, spam, and business email compromise.⁷ They come with built-in policies to get you up and running quickly, including simplified wizard-based onboarding for your Windows devices, servers, and apps.⁸

5. Stay informed about how to prevent break-ins
Local police and neighborhood watch groups often work together to educate residents about break-ins and how they can better protect their homes. No matter the size of your business, there are cybersecurity resources available. Even if your only employee is yourself, cybersecurity training shouldn’t be looked upon as a one-and-done task. Threat actors are constantly learning and updating their skills, and so should we.  

We are here for you
We’re all in this together and AMTRA can help. Be sure to take advantage of our Defend Against Threats with SIEM plus XDR workshop, where you’ll get insights into the security vulnerabilities in your environment. Sign up today to identify the real threats that could be putting your business at risk. 

¹Why small businesses are vulnerable to cyberattacks, Linda Comerford, May 25, 2022.

²Cyber Signals: Defend against the new ransomware landscape, Microsoft. August 22, 2022.

³ These are the 20 most common passwords leaked on the dark web—make sure none of them are yours, Tom Huddleston Jr. February 27, 2022.

⁴Protecting your organization against password spray attacks, Microsoft. April 23, 2020.

⁵50 Phishing Stats You Should Know In 2022, Caitlin Jones. September 7, 2022.

⁶Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know, Chuck Brooks. June 3, 2022.

⁷Microsoft launches Defender for Business to help protect small and medium businesses, Microsoft. May 2, 2022.

⁸Server security made simple for small businesses, Jon Maunder. November 8, 2022.