Cybersecurity can seem like a complex issue. We all know we need it, however the installation and facilitation of high-quality software and systems is pretty daunting. Luckily, we have some practical tips for shops and business of all sizes—and budgets—to follow for safe and secure business operations.

Treat cybersecurity as an integral part of customer service. Your shop goes above and beyond the call of duty to ensure customers leave your shop happy—you should be treating their data and protecting your systems the same way you treat their vehicle.

1) Step up your cybersecurity awareness

Investments in high-tech systems may not be feasible for you, however, you can make cybersecurity a top priority through your actions and priorities. Meet weekly with your staff to discuss best practices and educate them on common attacks, specifically how not to fall victim to phishing and ransomware attacks. Ransomware alone is expected to become a $20B industry in the next couple of years.

Empower your staff to recognize threats and communicate how to practice safe browsing: avoid opening malicious documents and never click on a phishing link.

There are many free online resources for brush up on cybersecurity awareness, including the following: InfoSec Institute

1. SANS
2. InfoSec Institute
   
   

2) Know your level of vulnerability

It may be hard to imagine, but there are lists of connected devices out on the internet for hackers to query and unleash mass attacks on. These devices include and are not limited to routers, servers, Internet of Things devices such as smart thermostats, cameras, etc. Accounts and passwords to systems can even be bought online. If you happen to be running an outdated system (i.e. you haven’t updated your router, which connects you to the internet, in years) you may be a lot easier to target.

However, by no means are attacks simply random or senseless—nearly half of all cybersecurity-related incidents in 2018 were committed against small businesses and 71% of those were financially motivated. Just because you run a smaller outfit doesn’t mean you’re not at risk.

Make a list of all your systems, verify they have monthly security patching (updates) and check when the update was last applied. Any system that no longer receives security updates should be prioritized for upgrades. The order of importance could vary dependent on your environment, however the following can be used as a guideline:

1. Replace/upgrade deprecated systems which are no longer supported by providers
2. Update routers/firewalls
3. Update systems facing the internet (such as servers)
4. Update systems used to process customer data and operational processes that keep your business running

Note that updates should be tested and scheduled during off times to ensure operations will not be affected.

3) Install malware/virus/ransomware protection

If someone in your organization falls for a phishing attack and opens a malicious document or clicks on a malicious link, having software in place to protect against attacks could protect you from the majority of viruses/malware/ransomware strains and prevent execution.

A monthly subscription to this type of protection is now more affordable than ever in the highly-competitive market. When purchasing a solution, ensure it has “Real-Time” protection.

4) Backup, backup, backup

In some cases, attackers may enter your systems and wreak potential havoc. Having a backup of your systems, such as files and data, is crucial to survive attacks. Create an independent system for backup that’s independent of the current systems and offline—if the attacker can see the backup system, they could take that down as well.

5) Be skeptical and discerning

A common tactic of hackers is to appeal to targets on a personal level through social engineering. A hacker may call your business under the guise of a desperate family member of a customer or seek money or private information. They may claim to represent the CRA and ask for verification of your personal or professional identity in order to properly file your taxes. Be very cautious about giving away any information to someone over the phone or over email. Verify their identity by asking for a reference ID number or their name and agent ID. If they claim to be a personal relation, ask them questions that only the supposed individual would know. Go beyond public information such as name, address and phone number or personal data points like a dog’s name, something someone could find easily on social media.