Hackers Don’t Wear Name Tags: 10 Ways to Stay Safe

October is Cybersecurity Awareness Month, a reminder that protecting your business from cyber threats is more important than ever. In part one of this two-part series, we'll walk through some key practices you can adopt to better protect yourself, your employees, and your customers.

Hackers don’t wear name tags. Most of the time you might not even notice they are there. But safety and security doesn't need to be daunting—even small actions can have a big impact. In this post, we'll walk through 10 key practices you can adopt to better protect yourself, your employees, and your customers.

1. Treat Customer Data with Care

Customer data can be one of your biggest assets but also one of your biggest liabilities.

We’ve seen cases of sensitive data such as credit card numbers and personal information sent in emails and stored in spreadsheets. Imagine walking into a business and seeing other customers’ personal information sprawled across the counter for anyone to see. Would you trust that business with your data? Just as you wouldn't leave sensitive paperwork lying around, digital customer data needs the same level of care.

Email and spreadsheets may be convenient but they are not a safe way to store and transmit personal information. Neither is printing it out or writing it down on paper. Data should be encrypted and access should be limited to only the people who need it to perform their job. Also, if you don’t need information don’t keep it! Collect only the data you actually need and as soon as you no longer need it you should get rid of it or archive it somewhere secure (depending on your company policy).

Data breaches can be disastrous—not just for your customers but also for your reputation. Customers trust you with their personal details, and any breach of that trust can harm your relationship with them and lead to financial consequences like fines or lawsuits. To prevent mishandling, make it a practice to regularly audit how you collect, store, and share data, ensuring you’re following best practices to keep it secure.

It’s also critical that your vendors and consultants commit to treating your data with care as well. Make sure to choose a professionals and firms that you can trust and whom commit to keeping your data safe and secure.

2. Practice Good Password Hygiene

Weak passwords are like flimsy locks on your front door—easy for an intruder to break through. If you’re using the same password across multiple accounts, or if your password is weak, you could be putting your business at risk. Attackers often exploit weak passwords to access systems, which can lead to devastating consequences, such as the loss of sensitive customer data.

Password managers are an effective way to make sure you are always using unique and strong passwords. Your web browser probably even has one built-in.

If your provider supports Single Sign-On (SSO) technology you may even be able to sign in with your corporate identity provider and avoid additional passwords entirely.

3. Enable Multifactor Authentication

Multifactor authentication (MFA) is one of the most effective ways to protect your accounts from unauthorized access. MFA requires you to verify your identity using two or more factors, such as a password plus a code sent to your phone or an authentication app. Even if a hacker manages to guess your password, they’ll still need that second piece of information to gain access.

Think about it this way: without MFA, a password breach means full access to an account. With MFA, you add an additional barrier, making it far more difficult for attackers to break in. Encouraging employees to enable MFA wherever possible helps secure accounts and adds a valuable layer of defense.

Not all services support MFA but you should use it if it is available. It’s also a good idea to download backup codes if a service supports it and, when you do, make sure to keep them in a safe place.

4. Sharing is not Always Caring

Whenever possible, never share an account between multiple people.

Sharing accounts might seem like an easy way to get things done quickly and maybe save on software licensing costs, but it can lead to a lot of confusion and security issues. When employees share passwords or MFA tokens, it's almost impossible to track who accessed what and when, and it puts everyone at greater risk if that shared password is compromised.

A quick aside for developers and system admins: the same goes for you and server SSH keys!

Instead, set up individual accounts for every employee and vendor. That way, you can track user activity, identify issues if something goes wrong, and minimize the risk of having passwords exposed. Plus, if an employee leaves or you stop using a vendor, it’s much easier to disable their access without disrupting other users.

Some services might not support multiple accounts. If that is the case, make sure you share the credentials securely. There are many tools available for securely sharing credentials with teams.

Some service providers, like Curioso Industries, make it easy for you to securely share and manage credentials with them.

5. Watch Out for Phishing

No, it’s unlikely your boss really has an urgent need for you to buy a gift card and send him the number!

Phishing is when attackers use fake communications, such as emails or texts, to trick individuals into providing sensitive information like login credentials or payment details.

Phishing and Social Engineering (a fancy term for trying to build trust with someone and then trick them into compromising security) are two of the most common forms of cyberattack, and it’s becoming increasingly sophisticated. Attackers use fake emails, texts, or websites to trick users into handing over sensitive information, such as login credentials or credit card numbers. For example, an employee might receive an email that looks like it’s from your IT department asking them to reset their password—if they comply, the attacker could gain access to your systems.

Educate your employees on how to recognize phishing attempts. Look out for red flags like suspicious links, unexpected requests for sensitive information, or emails filled with urgency and fear. Always double-check URLs, especially before entering any personal or business information. Implementing tools that filter out phishing emails can also help reduce the risk.

And if anyone asks you for something like your password or MFA token over email, chat, or text message be wary. Even if they appear to be someone you know. If you followed the earlier steps in this article you shouldn’t have shared passwords and accounts anyway!

6. Change Default Passwords on Devices

Many devices, from routers to security cameras, come with default usernames and passwords, often "admin" or "password." These are well-known to attackers, and failing to change these default credentials is akin to leaving your door wide open. For instance, a small business owner might set up a new Wi-Fi router and forget to update its default password, leaving the entire network vulnerable to intrusion.

Take the time to change default passwords to strong, unique ones as soon as devices are set up. This simple practice can drastically reduce the risk of unauthorized access to your network and devices, making it much harder for an attacker to take advantage of default settings.

7. Regularly Update Software and Firmware

If you never close your web browser, odds are you may be missing some important updates.

Outdated software is like an unlocked back door for cybercriminals. Many updates include patches that fix security vulnerabilities, so skipping them means leaving your systems open to known threats. Known security issues with outdated software makes you an easy target.

Make it a habit to regularly update all software, including applications, operating systems, and device firmware. Consider setting up automatic updates where possible to ensure you’re always protected from the latest threats.

And if your software has that little icon telling you to restart the software or reboot your computer to get the latest version, make sure you listen. It could be an important security update.

8. Run a Virus Scanner

Viruses and malware can quietly infiltrate your systems, causing significant damage without you even knowing it and may spread to other people and devices at your company. A virus could steal sensitive customer information, lock you out of important files, or even allow attackers to control your network remotely. Running a virus scanner regularly helps detect and eliminate these threats before they cause harm.

Ensure you have a reliable antivirus solution installed on all devices that are commonly targeted by viruses, and schedule regular scans to catch anything that might slip through the cracks. Many antivirus tools also offer real-time protection, which can stop malicious software from executing in the first place. By being proactive with virus scanning, you can prevent potential issues and keep your systems running smoothly.

9. Backup Your Data

Backups are your lifeline in situations like natural disaster, accidents, hardware failure, or ransomware.

Ransomware can encrypt your files, making them inaccessible until a ransom is paid, but if you have a recent backup, you can restore your data without giving in to attackers' demands. Similarly, backups are crucial if data is lost due to hardware failure, accidental deletion, or any other disaster.

To protect against these risks, regularly back up all your important data. Use a combination of on-site and off-site backups—such as cloud storage—to ensure you have multiple copies that are safe from different types of threats. Automate your backups whenever possible and periodically test them to make sure your data can be recovered. A strong backup strategy can mean the difference between a minor inconvenience and a catastrophic loss.

And also make sure to follow all the rules above such as treating your customer data with respect. Backups can also contain sensitive information.

10. Educate People About Security Practices

The human factor often plays a significant role in cybersecurity incidents. The best policies and intentions don’t matter unless they are implemented and everyone in your organization is trained on what to do. In fact, many compliance standards such as PCI require that all employees that handle customer information be trained on security. But even if you don’t have compliance requirements it is always better to be prepared and educated.

Host regular training sessions to help employees understand the risks and how they can contribute to keeping the business secure. This includes recognizing phishing emails, using strong passwords, and following the company’s data handling procedures.

You can also go above and beyond by educating your customers about how to stay safe and providing them with the resources they need.

When everyone is on the same page about security, the risks are drastically reduced.

Conclusion

Cybersecurity is a shared responsibility that requires consistent effort from everyone involved. Including employees, vendors, customers, and partners. By following these steps—treating customer data with care, using strong passwords, enabling multifactor authentication, educating employees, and more—you can significantly enhance your business’s defenses against cyber threats.

This Cybersecurity Awareness Month, commit to doing your part by making meaningful improvements to your organization’s security policies and practices. And make sure your vendors and partners do the same. Partnering with a technology provider like Curioso Industries, with deep expertise in security, can help you stay safe, secure, and prepared. We’d love to hear from you to and discuss how we can help with your security needs.

For more information about Cybersecurity Awareness Month visit the Cybersecurity Awareness Month page on CISA.gov.