{"id":125182,"date":"2023-01-17T09:00:00","date_gmt":"2023-01-17T17:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=125182"},"modified":"2023-05-15T23:09:11","modified_gmt":"2023-05-16T06:09:11","slug":"secure-your-business-like-you-secure-your-home-5-steps-to-protect-against-cybercrime","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/01\/17\/secure-your-business-like-you-secure-your-home-5-steps-to-protect-against-cybercrime\/","title":{"rendered":"Secure your business like you secure your home: 5 steps to protect against cybercrime"},"content":{"rendered":"\n

Running a business requires a lot of determination and sometimes a leap of faith. Every day brings a new challenge, and many times it can feel like the stress and uncertainty are too much. That\u2019s when you remind yourself why you took the leap\u2014the satisfaction of realizing your own vision\u2014and you keep going.<\/p>\n\n\n\n

With that kind of commitment, your business can almost feel like a second home. And just like you protect your physical home with an up-to-date security system and sturdy locks, it\u2019s critical to modernize cybersecurity for your business. Forty-three percent of all cyberattacks now target small businesses, and sadly, 60 percent of those businesses will permanently close their doors within six months of the attack.1<\/sup> Those are staggering statistics, and they\u2019re why we chose to include Microsoft Defender for Business<\/a> with every subscription to Microsoft 365 Business Premium<\/a>\u2014because every business deserves access to enterprise-grade comprehensive security.<\/p>\n\n\n\n

\"Chart<\/figure>\n\n\n\n
\n

It’s always our ambition to make technology an equalizer, to enable a small business to compete with a larger business with the power of technology and close that gap.<\/em><\/p>\n\n\n\n

\u2014Brad Smith, Vice Chair and President at Microsoft<\/p>\n<\/blockquote>\n\n\n\n

As part of Cybersecurity Awareness Month, Microsoft President Brad Smith joined the Administrator of the United States Small Business Administration (SBA), Isabella Casillas Guzman, at the inaugural Small Business Cyber Summit in October 2022 for an intimate fireside chat<\/a>. The two discussed how small and medium-sized businesses (SMBs) can strengthen their cybersecurity capabilities on a limited budget. With that goal in mind, I\u2019d like to extend an invitation for a free security evaluation consultation<\/a> to learn where your business might be able to increase protection. In addition, this blog presents five simple actions <\/strong>that can help any business protect against cyberattacks\u2014starting today.<\/p>\n\n\n\n

1. Monitor everything around the clock with Microsoft Cloud capabilities<\/h2>\n\n\n\n

During his talk with Administrator Guzman, Brad Smith highlighted how moving to cloud-based security gives your business an edge in terms of making protection one less thing to worry about. “If everybody’s just trying to run their software on their own hardware in their own four walls, it means you have to do everything to maintain that hardware,” Brad Smith explained. “Whereas if you move to the cloud, that becomes our problem.”<\/p>\n\n\n\n

The Microsoft Cloud currently tracks and analyzes 43 trillion <\/sup>threat signals daily.2<\/sup> That includes 35 ransomware families, and more than 250 unique nation-states, cybercriminals, and other threat actors. That enormous breadth and depth of protection are built into Microsoft 365 Business Premium. It delivers enterprise-grade protection against viruses, spam, unsafe attachments, suspicious links, and phishing attacks. You\u2019ll also get constant protection against ransomware and malware attacks across your devices, along with antivirus and endpoint detection and response capabilities<\/a> built in. That way, you can focus on making your business a success rather than chasing down cyberthreats.<\/p>\n\n\n\n

2. Update the locks with Defender for Business<\/h2>\n\n\n\n

Break-ins in the neighborhood often give us the push we need to replace any worn-out locks or add a security light (or two). Similarly, protecting your business from cyberattacks starts with one simple step\u2014updating your existing systems. Microsoft and other technology companies release updates on Patch Tuesday (the second Tuesday of each month, beginning at 10:00 AM PT), or whenever vulnerabilities are detected. \u201cThese [updates] are available free of charge,\u201d Brad Smith emphasized. \u201cBut make sure your computers are configured so that they’re downloaded. That’s one of the most important things that people can do to protect themselves.\u201d<\/p>\n\n\n\n

Also, make sure your business maintains an up-to-date IT inventory. With the move to remote and hybrid work, the phenomenon of bring-your-own-device (also referred to as \u201cBYOD\u201d) is now common. Using more devices, especially from home networks, creates a larger attack surface with more endpoints and potential vulnerabilities. As part of Microsoft 365 Business Premium, Defender for Business has threat and vulnerability management<\/a> built-in, allowing you to secure multiple devices with a single tool.<\/p>\n\n\n\n

Businesses can further protect themselves with regular data backups. Ransomware attacks increased by 300 percent in 2021.3<\/sup> The phenomenon of ransomware as a service (RaaS) shows that bad actors are now confident enough to take their operations retail, much like a legitimate business.4<\/sup> But ransomware attacks against your business data can be thwarted by regularly creating backup copies of your important files. Automating your backups according to a set schedule can help your business maximize limited resources while avoiding potential human errors.<\/p>\n\n\n\n

3. Hide your keys well with multifactor authentication<\/h2>\n\n\n\n

Most of us keep a spare house key hidden under a rock or potted plant, but everyone knows better than to put the key under the mat. It\u2019s the same way with passwords: if it\u2019s easy, someone will find it. “It shouldn’t be ABC123,” as Administrator Guzman summed it up. But a recent survey found that among the most common passwords still in use, \u201cpassword\u201d and \u201cQwerty\u201d are at the top of the list.5<\/sup> In every cybercriminal\u2019s toolkit today is a kind of brute force attack known as password spray.6<\/sup> Simply put, an attacker acquires a list of accounts and runs through a long list of common passwords attempting to get a match. Since most businesses have a naming standard for employees (for example, firstname.lastname@company.com), adversaries can often get halfway in your door just by using the information found on your website.<\/p>\n\n\n\n

Popular internet browsers such as Microsoft Edge come with a built-in password generator<\/a> that will create\u2014and remember\u2014a secure password for you. Or your business may choose to eliminate passwords entirely with a solution like Windows Hello or FIDO2 security keys that let users sign in using biometrics or a physical key or device. Short of going passwordless, multifactor authentication, also known as two-factor authentication, is your best bet to generate secure access for your business. Multifactor authentication requires users to verify their identity through an additional factor, such as a one-time password (OTP) sent over email or text message. Other verification factors include answering personal security questions or using face or voice recognition.<\/p>\n\n\n\n

4. Don\u2019t open the door to just anyone, defend against phishing<\/h2>\n\n\n\n

There\u2019s a reason for the popularity of video doorbells\u2014it\u2019s simply unwise to open the front door without knowing who\u2019s on the other side. For the same reason, every business should stay up-to-date on the latest phishing scams<\/a> and social engineering scams<\/a> that bad actors use to seek entry into your business. In 2022, the most common causes of cyberattacks are still malware (22 percent) and phishing (20 percent).7<\/sup> Threat actors have figured out that people are the weak link\u201485 percent of breaches now involve a human element\u2014and are ramping up the frequency and sophistication of their attacks.8<\/sup> However, most phishing emails still rely on recognizable \u201chooks\u201d that we can all learn to spot, such as:<\/p>\n\n\n\n