This article is a part of BG BrandLab’s Cybersecurity Special Report, meant to provide insights about today’s cyberthreats and the steps readers can take—as  individuals, employees, and decision-makers—to protect against them.

Before you tell yourself it won’t happen to you or your business, let this sink in: Ransomware will attack a business every 14 seconds by the end of 2019, according to estimates from the research firm Cybersecurity Ventures. These ransomware attacks will cause an estimated $11.5 billion in damage. And that is not even counting ransomware attacks on individuals, which occur even more frequently. Cybersecurity Ventures also predicts that attacks on healthcare organizations will quadruple by 2020. So, what is a business owner or employee to do? Let’s consider some practical tips for making a business more secure.

1. Invest in expertise, not sales hype

When cyber experts analyze what went wrong in the wake of an attack, they often discover the victim’s security measures were insufficient, says Taylor Lehmann, chief information security officer (CISO) at athenahealth in Boston and former CISO for Wellforce. He has observed that some organizations got bad or no advice from security experts, invested in the wrong tools or processes, or perhaps did nothing at all. 

Lehmann advises business decision-makers to seek advice from independent advisers—not the person who is selling you something. He likens it to buying a used car. You will make a better choice if you get input from the mechanic down the street, not just the salesperson on the lot. 

Threats are real and growing, but all the FUD (fear, uncertainty, and doubt) spells “business opportunity” to some, and certain businesses use FUD to market and sell products. This means  buyers need to be extra diligent.

When seeking a cybersecurity partner, look for someone who has actually defended an organization—“someone who has looked evil in the eye and understands the mindset of an attacker,” says Lehmann.

2. “Phone a friend”

“Cybersecurity is not a competitive sport, and it shouldn’t be,” Lehmann explains. If you don’t know what to do, consider the people around you who might. Reach out to other companies in your industry, even competitors, to discuss their approach to security. Smaller companies should not be afraid to connect with larger, more sophisticated organizations. In Lehmann’s experience, most cybersecurity practitioners welcome the opportunity to help others

3. Backup your data

Backing up data doesn’t prevent an attack—it does mitigate damage in the event of one. Establish a backup system and test it to ensure it is working. Remember, it is not just cybercriminals that could compromise your business. A national disaster, fire, equipment malfunction, or an employee error could also jeopardize business-critical data.

4. Master the basics

You may not have a budget for the Rolls-Royce of security solutions, but at least invest in the basics. This includes installing and regularly updating antivirus and anti-malware software on all devices; requiring employees to use strong passwords; using two-factor or multi-factor authentication; installing a firewall and ideally, monitoring it; and limiting employee access to business-critical data.

5. Train your team

Business leaders assume employees understand cybersecurity best practices, but that is not always the case. Safe digital habits include:

• Practicing proper password management, i.e. using long passwords that are not easily guessed; using different passwords for each system; not sharing passwords with others; and considering a password manager tool that randomly generates passwords, such as LastPass or Dashlane
• Staying vigilant on email, i.e. looking out for “spearphishing” scams, in which fraudsters target a specific person with an email meant to trick them into sharing confidential information; hovering the mouse over a link to confirm the URL before clicking it; and not downloading attachments from unknown sources.
• Using “safe search mode” when online and staying off high-risk websites

 These are just a few tips to get you started. For additional tips, visit https://staysafeonline.org/, and, of course, business owners should seek guidance from a professional.