Hartford Business Journal

HBJ 20221024_issue

Issue link: https://nebusinessmedia.uberflip.com/i/1482136


HARTFORDBUSINESS.COM | October 24, 2022

Cybersecurity best practices for small businesses

By Daniel Silva

October is cybersecurity awareness month, so it's a great time to revisit your work-from-home policies and ensure that the cybersecurity of your business remains top of mind. While employees work from home, they may let their guard down when it comes to security practices, whether it's using unsecured networks, leaving their computers unlocked, or falling victim to phishing attacks. Here are some critical best practices and policies to consider implementing to protect your business and employees.

Install a VPN on employee devices

Setting up a VPN — or virtual private network — provides an extra layer of security for employees working from home. When employees are logged into your company's VPN, it hides their IP addresses, encrypts data transfers, masks their location, and much more. Before the pandemic, VPNs were common for larger organizations, so if your small business doesn't have one, but you expect your employees to work from home for an extended period, investing in a VPN provider may be worth your time.

Implement strong password policies

It's estimated that 90% of passwords are vulnerable to hacks, so it may be wise to have several password policies in place. Standard best practices include mandatory password length and complexity requirements and a unique password for each program an employee uses. Consider investing in password managers for your employees to help them keep track of their passwords. Two-factor authentication (i.e., requiring a password plus a code sent to an email or phone number) for specific programs will also add an additional security layer if needed.

Create rules for working in public

Your rules around using public Wi-Fi may vary, but if your employees work with sensitive data, you may want to consider exploring your options to keep them safe or even ban the practice altogether.
That may sound extreme, but unencrypted networks, malicious hot spots, or leaving Bluetooth on in public can make employees vulnerable to cyber attacks. Even innocent onlookers can lead to risk, and protective screens on laptops may be necessary.

Encourage home security checks

If your employees are working remotely for the long term, encouraging home security can help keep your business safe. Provide a list of suggestions for employees to secure their home network and create a strong password for their Wi-Fi. Remind them to keep company and personal devices separate and to lock their work computers when they're not using them at home. Work devices should not be left unattended outside or in a car. These may seem like basic policies, but they are good reminders, nonetheless.

Invest in cybersecurity training

The best way to prevent security issues at your small business is education. On top of going through your company's security policies, it's critical to regularly educate employees about common phishing scams, securing home networks, avoiding public Wi-Fi, etc. Set up annual professional development training around these security best practices and send out email reminders about the latest scams and things to look out for. Making cybersecurity education a priority can help your team keep attacks at bay before they become a serious issue.

Be prepared to deal with issues

Even the best-prepared businesses are at some risk of a cybersecurity or data breach. Instead of panicking in the event of an attack, stay ahead of the game by putting together a response plan so that you can handle an issue as soon as it happens and reduce the fallout. Create a step-by-step checklist of what information you need, who to contact and when, what passwords or information you need to change immediately, and what, if any, disciplinary action you need to take with any employees not following your security policies.
It's safe to say that remote policies, whether you had them pre-pandemic or not, are here to stay. Hopefully, your business already had some of these cybersecurity policies in place, but it's always good to routinely revisit and update your security guidelines and educate your team throughout the year.

Daniel Silva is director of security and chief information security officer with Union Savings Bank.

Expert's Corner

NFTs: A new target of cybercrime

By William Roberts

As non-fungible tokens remain steady in popularity as potential investment opportunities, ongoing concern for their market volatility continues — wild swings in pricing and value are still commonplace, as they have been for the past few years. That volatility has been the biggest concern to date among those who choose to invest their money in this space.

However, it should come as no surprise that there is now a newer concern being raised about NFTs — vulnerability to cybercrime. Hackers and those who seek to do harm and cause chaos through data breaches and ransomware are setting their sights on this new, largely unregulated terrain in the hopes of finding an unlawful way in. Anyone who is dealing in NFTs needs to be aware of this and take steps to ensure that, like so many other parts of their financial life, these investments are properly protected.

There are three critical areas that offer the greatest potential for vulnerability, each of which should be addressed by those who hold NFTs as assets.

Private key security

All NFTs are controlled by a unique private key that allows the owner access to the assets. Any attack on NFTs would likely begin here, with cybercriminals attempting to gain access to whatever system is protecting that private key information. Hardware programs, such as NFT wallets (there are a number of systems available for purchase), are solid protection means that make it more difficult to breach.
Many of these wallets also have multisignatures, or multisigs, built in, which would require more than one private key in order to initiate a transaction. Wallets with multisigs are indeed an essential part of the toolkit when it comes to protecting NFTs.

Fraudulent NFTs

Cybercriminals are becoming increasingly skilled at establishing phony NFT stores online, or creating giveaway scams and drawing in people and companies and gaining access to their private information. This is a particular challenge because the stores appear authentic and legitimate in every way, and it is often difficult to tell the difference with the naked eye.

NFT buyers would be well advised to confirm that the stores are official ones; in most cases, credible sellers will have a blue verification tick next to their usernames. It is worth running a social media search of the seller in researching their legitimacy. Further, legitimate NFTs are also likely to list their unique properties, whereas fake NFTs may not have any properties listed. Last, the smart contracts would have the address where the NFT was minted, and a review of the address is likely to reveal the legitimacy of the source of the NFT.

Taking some time to research the NFT and its source will save you money, especially if the deal seems too good to be true. Needless to say, should you come across a fraudulent or suspicious seller account or NFT, as a good netizen you would report the user so that others can avoid the traps.

Marketplace security

NFTs are based in blockchain technology, a multilayered system of security that is very difficult for outsiders to hack. However, while blockchain works best within a decentralized platform because it eliminates one central point of potential vulnerability, many choose a centralized platform because it is easier to personally access, as a centralized marketplace usually stores all the private keys of digital assets on its own platform.
However, this is where the danger comes — while the platform makes it easier for you to interact with and manage your NFT assets, that same feature unwittingly makes it easier for hackers to steal many tokens in a very short time and cause harm. Although establishing a decentralized system may be a bit more difficult and time-consuming, it is well worth it for the protection it provides from cybercriminals.

It would also behoove users to implement additional security measures such as setting up strong passwords, enabling two-factor authentication and not clicking on questionable links.

William Roberts is a cybersecurity and data protection partner with Day Pitney LLP. He works in the law firm's Hartford office.
