In 2010, there were more than 580 million cyberattacks worldwide. In 2021, that number ballooned to more than 5 billion. Now, as Russians enter their fourth week marching on Ukrainian soil, businesses in the U.S. are being warned about the threat of another type of Russian-backed invasion: attacks on their computer networks. President Biden this week warned business leaders to strengthen their company’s cyber defenses immediately pointing to “evolving intelligence” suggesting Russia could conduct malicious cyberattacks on American companies and infrastructure. 

Our team at National Merchants Association has compiled the steps you can take to protect your business against potential cybersecurity threats.

  1. Cyber Security Risk Assessment

The first step you should take in managing your business’s risk of a cyberattack is performing a cybersecurity risk assessment. Do you know when you last performed an assessment? If you’re unsure, then it has likely been too long.  A cybersecurity risk assessment identifies the various information assets that could be affected by a cyberattack (such as hardware, systems, laptops, customer data, and intellectual property), and then identifies the various risks that could affect those assets.

  1. Spam/Phishing Emails

Emails aren’t always what they seem. You may have received emails from known institutions or personal contacts asking you for financial or personal information. Cybercriminals may offer a financial reward, threaten you, or claim that someone needs your help. Don’t fall for it! Keep your data private! They may have found your personal information online and be attempting to use it as a direct spear-phishing attack or attempt to use social engineering to try to manipulate you into skipping normal cybersecurity protocols.

If something seems “phishy”—do not respond, and do not click on any links or attachments found in that email. Remember, If you receive a suspicious email that appears to be from someone you know, reach out to that person directly either in person or using a separate platform. If the suspicious email comes from an organization, reach out to their customer service to verify the communication.

  1. Software Updates and Patches

Patches are software and operating system (OS) updates that may address performance bugs or provide enhanced security features.

Best Practices for Software Updates

  • Enable automatic software updates whenever possible. This will ensure that software updates are installed as quickly as possible.
  • Do not use unsupported End Of Life software.
  • Always visit vendor sites directly rather than clicking on advertisements or email links.
  • Avoid software updates while using untrusted networks.

New vulnerabilities are always emerging, but making sure that your software is always up to date will provide the best defense against attackers exploiting vulnerabilities. 

  1. Change your Passwords

Changing your passwords can be a real hassle but it isn’t nearly as bad as having to recover from a cyberattack that could cost you your business and your reputation. It’s important to be creative with easy-to-remember ways to customize your password for different websites. Having a different password for your accounts can help prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Always keep your passwords private. When you share or reuse a password, it allows that password to potentially be misused or stolen.

  1. Security Awareness Training

As cyber security threats evolve, security awareness training helps businesses decrease IT costs, protect their reputation, and secure their cybersecurity investment. Security awareness training improves risky employee IT behaviors that can lead to security compromises by providing relevant information and knowledge verification on subjects including information security, social engineering, malware, and industry-specific compliance topics.

Security awareness training teaches employees how to spot phishing, social engineering cyberattacks, potential malware behaviors, how to report possible security threats, follow company IT policies and best practices and adhere to any industry applicable data privacy and compliance regulations (GDPR, PCI DSS, HIPAA, etc.)

  1. Multi-Factor Authentication

It doesn’t matter how difficult your password may be, a breach is always a possibility. Multi-Factor Authentication (MFA) ensures that the only person accessing your account is YOU! Whether you’re banking, checking your email, or just logging into a social media account, if MFA is an option, take advantage of it. It will use a trusted mobile device such as a mobile phone, authentication app, or secure token to verify that you are the person attempting to log into your account.

  1. Dark Web Monitoring

Identity thieves can buy or sell your information on hard-to-find dark websites and forums. Dark Web Monitoring searches the dark web and notifies you if your information is found.

The dark web is a part of the internet that isn’t indexed by search engines like Google or Yahoo. It’s a part of the internet that requires specific software, configurations, or authorization to access. It is also where cybercriminals have access to a sophisticated marketplace providing one-stop shopping for malware kits, hacked Netflix accounts, stolen identities, human trafficking, or even murder-for-hire!

With so much media focus on data breaches at companies that possess personal information about millions of consumers, some smaller businesses and organizations might think that cybercriminals wouldn’t target them. They would be wrong. In fact, most of the breaches the U.S. Secret Service investigates involve small businesses. All of this data links directly back to a real person, potentially you or your customers. 

  1. Advanced Endpoint Detection & Response

Endpoint Detection and Response (EDR) is an integrated endpoint security solution combining real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. 

The primary functions of an EDR security system are to:

  • Monitor and collect activity data from endpoints that could indicate a threat
  • Analyze this data to identify threat patterns
  • Automatically respond to identified threats to remove or contain them, and notify security personnel
  • Forensics and analysis tools to research identified threats and search for suspicious activities

This technology replaces outdated antivirus solutions and protects against file-less and script-based threats and can even roll back a ransomware attack.

  1. Security Incident & Event Management/Log Management

Security Incident and Event Management or SIEM is the process of identifying, monitoring, recording, and analyzing security events or incidents within a real-time IT environment. It provides a comprehensive and centralized view of the security scenario of an IT infrastructure.

  1. Maintain Mobile Device Security

Mobile Device Security is the protection of sensitive information transmitted by your smartphones, tablets, laptops, and other mobile devices. Mobile device security aims to protect sensitive data stored on portable devices and prevent unauthorized users from using mobile devices to access the enterprise network. The Pew Research Center reports in 2019, “roughly one-in-five American adults are ‘smartphone-only’ internet users – meaning they own a smartphone but do not have traditional home broadband service.” When users rely solely on their cell phones for the internet and other daily use it can increase their vulnerability to cybercriminal activity and security breaches. 

  1. Backup your Information

Making backups of your data is critically important in data management. Backups protect against human errors, hardware failure, cyberattacks, power failure, and natural disasters. Backups can help save time and money if these failures occur. There’s no such thing as too many backups. Whether it is on a local hard drive or backed up to the cloud, make sure you’re always backed up and test your backups often. Be sure to call your IT service provider with any concerns about your data backup.

  1. Ensure Data Encryption

Encryption is a vital privacy tool when you are sending sensitive, confidential, or personal information across the Internet. Encryption scrambles plain text into a type of secret code that hackers, cybercriminals, and other online snoops can’t read, even if they intercept it before it reaches its intended recipients. When the message does get to its recipients, they have their own key to unscramble the information back into plain, readable text. It’s important to encrypt all data that you want to keep secret.

  1. Put up that Firewall

A firewall is a security device that can help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer. Firewalls provide security for a wide range of applications, including email, voice over IP (VoIP), video, and multimedia programs, and block unauthorized access to applications or valuable company data.

With these simple steps in place for your business, you can spearhead your company’s security implementation and stay ahead of the cybersecurity game giving you and your employees the peace of mind you deserve.

National Merchants Association (NMA) is an industry-leading merchant advocacy group dedicated to reducing or eliminating the unnecessary fees associated with accepting credit card payments. Since 2004, NMA’s payment processing solutions have been delivering tailored solutions, best-in-class customer service, and high-quality service offerings for local and national businesses across multiple industries. Whether it’s high-risk or low-risk, brick-and-mortar or eCommerce, National Merchants Association will create the best processing experience for your company. For more information, visit legacy.nationalmerchants.com or call (866) 509-7199 to get started today!