
10 Important Cybersecurity Practices for your Business

 




1. EDUCATION

It’s much easier to prevent a hack than it is to recover from one. Once your company’s sensitive data is stolen through a ransomware attack, recovering it is often a long and arduous process. Teaching employees about basic security, personal cybersecurity, and the prevalence of cyber threats goes a long way in stopping ransomware attacks before they can really do damage. Your employees should understand that they might be targets of malicious actors, eager to exploit any entry they can find in your company.

The average cost of a cyberattack is 3.86 million and the cumulative total for global cybercrime is expected to cost $6 trillion. If you don’t pay to train your employees about cybersecurity best practices, you may end up paying more in the long run. High-quality, free training for your employees is available from several government resources, including the Department of Homeland Security.

2. BETTER PASSWORDS AND MULTI-FACTOR AUTHENTICATION

Think no one will guess that your password is your mother’s maiden name and her birthdate? Think again. Cyberthieves have developed powerful algorithms that can correctly guess difficult passwords in seconds. Traditional password advice suggested using a long password of 12 characters at minimum with a mix of numbers, symbols and capital and lower-case letters.

While this is a good strategy, it isn’t enough, and nearly every security professional recommends using two-factor or multi-factor authentication. Two-factor authentication is a security process that requires two different authentication factors to gain access to programs or resources.

3. KNOW YOUR COMPANY

Take advantage of an easy resource: your own knowledge. Think about your company and what hackers are likely to target. Would they be interested in your employees’ personal information, or are they interested in your customer databases or intellectual property? Find the most likely targets and secure them appropriately.

4. SAFE AND SECURE WIFI

It might be a no-brainer for a company to have a secured, encrypted and hidden Wi-Fi network, but with the advent of remote working, it’s important that your employees also safely encrypt their own personal networks. Your employees’ security is also your security. Hacking an employee’s remote network is an easy way to eventually gain access to the company’s mainframe.

5. BACKUPS BACKUPS BACKUPS

Hackers thrive on being able to disrupt an organization’s activities. An offline backup will enable your business to get back on its feet while cybersecurity experts deal with the damage and fallout from a cyberattack.

6. INSTALL ANTI-VIRUS SOFTWARE

Even the best-trained staff occasionally make mistakes. Having anti-virus and anti-malware software installed on computers adds an extra layer of protection, especially against phishing attacks, a social engineering attack used to steal data and login credentials.

7. SECURE PHYSICAL DEVICES

Just like you lock the doors when you leave your office, company laptops should be secured with passwords or PINs. Laptops given to employees who are no longer at the company should be retrieved. Think of every work computer as a possible gate into your company.

8. UPDATE SOFTWARE AND FIRMWARE

The UK’s National Cyber Security Centre estimates that more than 80% of hacks are indirectly caused by outdated software (Centrify). The best anti-virus and anti-malware programs are only as good as their latest patches. Forgetting to install patches will allow hackers to exploit the system’s weaknesses.

9. BE SAFE RATHER THAN SORRY

Email look suspicious? Don’t click on it. Pop-up offering you a good deal? Ditto. The ABCs of cybersecurity are Always Be Cautious. Double-check where emails come from before responding, especially if something sounds off.

10. HAVE A PLAN

As a small or medium-sized business owner, having your own cybersecurity team is a sizeable expense. Luckily, there are a number of free resources that will help you develop a basic cybersecurity plan and give you an idea of what steps to take if you have been hacked. We recommend the cybersecurity risk management plan published by the FCC, as well as the cybersecurity guide published by the Small Business Administration.

 
