CXO Bytes

Protect your business with these 10 cybersecurity tips 


In today’s boundaryless workplace, comprehensive security is essential. 360-degree protection requires education and awareness to safeguard identities, data, and devices. Awareness helps security teams effectively manage human risk by changing how people think about cybersecurity and helping them practice secure behaviors.

As part of Cybersecurity Awareness Month in October, Microsoft Security lists the major types of security threats and offers tips on how to protect a business.

  Security threats come in two forms: External and Internal threats.

  1. External threats

External threats target your network. Attackers will try to overwhelm you with traffic so you cannot access the systems you need to run your business. There are two main types of network attacks:

  • Denial of service (DoS): An attack where a computer sends many requests to a network service to overwhelm the target service
  • Distributed denial of service (DDoS): Similar to a DoS attack, only DDoS uses multiple computers in several locations in a coordinated attack

  2. Internal threats

Internal threats target people. Attackers use social engineering tactics to trick users into providing access credentials or revealing sensitive information. Common attacks include:

  • Phishing and spear phishing: Scammers often send emails to employees from what appears to be a colleague, friend, or reputable person or company containing a link or attachment. If the employee clicks the link or opens the attachment, the attackers can gain access to systems
  • Vishing: It is like phishing but uses phone calls instead of email
  • Baiting: This happens when an attacker offers a fake prize for responding to a phishing or vishing attack
  • Browser attacks: These attacks may appear as pop-up ads or suggestions to install a browser extension

Here are a few tips on protecting your network: 

  1. Providing employees training on safe email and browsing use
  2. Educating them about the potential risks that come with being online
  3. Offering attack simulation training in Microsoft Defender for Office 365
  4. Going passwordless and using multi-factor authentication
  5. Ensuring all company devices use the latest version of the operating system and internet browser
  6. Enforcing corporate file-saving protocols. Store and encrypt company data securely in the cloud
  7. Educating employees on the importance of using secure connections such as HTTPS
  8. Making it a practice with employees to check website certificates to verify the website’s identity
  9. Enabling pop-up blockers by default
  10. Using cloud-based antivirus solutions like Microsoft Windows Defender
