From Care to Cyber
On Mumbition the Podcast, we spoke with Ailie Houlihan, a Strategist & Consultant at CyberCX, about how entering the field of cybersecurity has improved her work/life balance.
Carrie Kwan:
So Ailie, a big portion of our listeners here, they are small business owners and typically don't have large teams behind them and certainly probably don't have the luxury of an IT department, and yet a lot of their businesses are actually enacted online. So they might have a presence on social media or they might have e-commerce sales. I'm wondering if you could shed a bit of light, and I know one of the answers already in terms of the programme that you've just mentioned, but for a small business owner, how should we be approaching cybersecurity and what are perhaps some simple things that we can do to build knowledge in this important space?
Ailie Houlihan:
There are some really key simple practical things that can be built into business processes that will increase your cybersecurity profile. A few key simple ones are implementing multifactor authentication. So, I know that a lot of, especially small businesses may only be run from a single computer and maybe a mobile phone. Multifactor authentication where you can, can be switched on, whether it be Facebook, Instagram, or some very commonly used platforms under your own control.
Where you can, implementing this added barrier, this added layer of security to your processes to help secure your own data is absolutely a very practical thing to do. A great story I have, recently a friend reached out and said, "I keep getting emails asking me to confirm to get into this account." And I said, "That is somebody who has your credentials and this is multifactor authentication, working in real time blocking somebody from actually getting through. So you need to go in, you need to change your password and you need to do these other options."
And if they did not have that extra layer of security in place, whoever had those credentials would've been able to get in immediately. So, adding an extra layer of defence, very, very important. Utilisation of password managers is also a really easy implementable option for any business and for any individual, in fact. There are some really great password vaults available to you and I can share some links for your listeners to be able to follow both the multifactor authentication steps, some really great options for password management.
This is a tool where it will securely store your long and complex passwords that you have for all of the different required platforms that you might use. So utilising different passwords, utilising long and complex passwords can get very tricky and you don't want to be writing them down and you don't want to be using the same ones all the time. So employing a password management system where you only require one password to go in, everything is maintained securely encrypted, and it will deal with entering in the passwords into where you need to go and you won't need to remember all of the different complex passwords that you use.
Another really easy and implementable option is making sure that you have antivirus and anti-malware software installed on your computers, that you are regularly scanning and that you are regularly updating any firmware software requirements that your system's requesting. Every time that pesky little notification comes up, there's new updates available for your device, do them. They are patching vulnerabilities that the service provider have noticed and have come up with a fix for. And so making sure that you're on top of doing those is really, really important.
Businesses can protect themselves online by being really aware of what it is that they're posting and the data and the information that's included in that posting. Something that we see threat actors do is utilise a term called social engineering, where they get information often that they can find openly online and utilise that to create an attack called a phishing attack. This can be very specified to you, utilising knowledge that they've found about you online. And sometimes that can be, especially from a business perspective, things that you've utilised in your advertising.
An example that I have is somebody had posted images to their business profile, which could quite clearly see their location behind them. They then started to receive these phishing emails which created urgency, utilising this information of their location to click on a link to be able to respond to a request. That link included ransomware and locked down their business. A key takeaway is being aware of the extra information that's incorporated in advertising or especially in small businesses. Sometimes we will take images in our homes of the products, but that extra information can be utilised against you and it's a key thing that we should be aware of when posting online.
Carrie Kwan:
There's some amazing tips there. And I hope that everyone's been taking a few notes because they are really simple things that can make a big difference to protecting our businesses online.