Security is a critical aspect of running any business. This applies to the physical security of your office and your team, which creates a safe work environment. It also applies to digital security, and the protection of the technologies we utilize in our day-to-day jobs.
Over the last several months, a number of high-profile breaches — including Meta and T-Mobile — have underscored the fact that digital security breaches are becoming increasingly more common. This data — which included many previously compromised email addresses and passwords — were exposed on the internet for anyone to find.
With the increased hype around ChatGPT, it’s important to know if — and how — employees are using AI-based tools for productivity. In a recent study by cybersecurity company Cyberhaven, 3.1% of its customers who used the AI reported that they had, at one point, submitted confidential company data into the system. Based on this study, Cyberhaven estimates a company with around 100,000 employees could be sharing confidential data with OpenAI upwards of hundreds of times per week.
You might be wondering how this impacts your business. Let’s dive into the potential implications.
While data security can feel completely outside of your comfort zone, there are things you can do (short of hiring a security expert). As a business owner, performing basic security hygiene can help keep yourself, your business, and your employees safe. Here are five tips to get you started.
Enforce 2FA on all your accounts related to your business as a company policy, especially those for banking and other sensitive transactions. This significantly increases the level of difficulty for attackers looking to compromise an account, even if they have somehow stolen the password to the account.
2FA directory is a great resource that lists services supporting 2FA. It’s a good idea to consider an authenticator app such as Google Authenticator as your primary authentication factor. It’s also best to add a backup MFA method like text or voice, just in case. You can also encourage employees to use 2FA on their personal accounts that aren’t related to the business as an individual precaution.
For company and business-related logins, enforce a policy that your employees utilize strong, unique passwords for logins. The unique part is especially important. Why? Because people often reuse passwords across platforms, and attackers will attempt to use emails and reused passwords across platforms to break into other accounts. If you or your employees become compromised, your business accounts may also be at risk. It’s also a good idea to use a password manager. Some examples are 1Password and Dashlane. These applications help create unique and strong passwords that the system saves, so you don’t have to remember each one.
Based on the above, do you feel confident that the passwords you currently have in place are strong enough? If not, change them right away. It’s a great first step toward protecting your accounts.
Social engineering attacks can target you or your employees through email or sms. A common ruse is a message claiming one of your online accounts is suspended to get you to handover your login information. Also, watch out for spoofed emails pretending to be from someone at your company or others you know. Please reference the Phishing Blog for more information.
Providing security awareness education for all your employees cannot be overstated. Make your team aware of all the above information, especially around phishing in emails. Scrutinizing an email before clicking any links or attachments is an important precaution everyone can take.
Hover your cursor over hyperlinks included in emails you receive to view the actual URL. Ensure the URL is actually related to or associated with the company whose website you are trying to visit. Refrain from supplying login credentials or personally identifying information in response to any email.
When it comes to AI-based tools your employees might be using, getting visibility is the first step in mitigating the security risks.. Once you know how employees are actually using ChatGPT, you can begin to find new ways to support and educate them.
Security flaws in applications, systems, and devices can be exploited by hackers. Applying security patches ensures you’re keeping up with the security updates released to address discovered flaws. End-of-life technologies typically don’t get updated and, as such, use of these technologies should be discontinued. If you aren’t sure whether a certain technology is end-of-life, checking the websites for each product is a good place to start.
Installing antivirus and antimalware protection is also an important step toward protecting your company. If you need additional help, there are many IT consultants and support services that can assist.
When it comes to protecting your business, you want the best. Doesn’t that go for running your business, too? Justworks helps founders and small business owners run their businesses with confidence. If you’re ready to make payroll, compliance, benefits, and HR easier, get started with Justworks today!.
Scale your business and build your team — no matter which way it grows. Access the tools, perks, and resources to help you stay compliant and grow in all 50 states.