Just last week, President Joe Biden issued a warning to U.S. business leaders urging them to take action securing their cyber defenses, saying that evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks.

According to the Cybersecurity & Infrastructure Security Agency (CISA), every organization — large and small — must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to and mitigate the impact of cyberattacks.

Such attacks are not new to U.S. infrastructure. Russia-linked hackers were found to be responsible for a ransomware attack last year that forced the shutdown of the Colonial Pipeline, leading to fuel shortages along the East Coast. Investigators found that the system was breached by using one inactive compromised password that did not use two-factor authentication.

The reason I point out the vulnerability is that the methods to harden a company’s system — and even your own network — aren’t that difficult and can be very effective. So let’s run through what you can do to keep your company and home systems safe. I think you’ll be surprised how much of cybersecurity best practice applies to both.

Start by backing up all of your data. You may have data stored on local servers and in the cloud. Small business owners may also want to consider a third set of data stored on a hard drive or series of thumb drives at home or at the home of a trusted family member in another state in case of a natural disaster. Of course, that third location will take more work to maintain, but someday you may be glad you have it.

Multiple copies of your data will also protect you from ransomware threats. The thief says they’ve locked up your data? Not a problem for you. Keep in mind that if this happens, you will still have to determine how your system was breached and repair the vulnerability before using your network or computer again. If you haven’t already done so, once your system has been cleaned, install antivirus and anti-malware software that scans in real-time, use firewalls and other tools, and keep them updated.

It is imperative that you keep all operating systems, software and apps up to date, running the latest versions. Many updates include security features that are responses to current threats, and do not delay installs.

Change your passwords often and use two-factor authentication on accounts so you can be alerted if someone attempts to access them. You may consider using a password manager for yourself and staff that will take care of changing your passwords regularly, making sure they are secure and unique.

Additionally, you may encourage your employees to sign up with the IRS for a six-digit identity protection pin. An IP PIN prevents someone else from filing a tax return using your Social Security number or Individual Taxpayer Identification Number. The IP PIN is known only to you and the IRS. It helps the IRS verify your identity when you file your electronic or paper tax return. Even if you do not have a filing requirement, an IP PIN still protects your account.

Implement employee security training, which can be as simple as an email plugin like Mimecast. You want your employees to know how to identify phishing and social engineering. You can conduct regular tests to make sure employees can spot a phishing email. Your firewalls should automatically block suspicious emails, but some inevitably get through. Make sure that employees know to report them.

For more resources, CISA has free cybersecurity tools at cisa.gov/free-cybersecurity-services-and-tools and encourages businesses to report attacks quickly so it can warn others: us-cert.cisa.gov/forms/report

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.

Newsletter