10 Important Cybersecurity Practices for your Business
1. EDUCATION
It’s much easier to prevent a hack than it is to recover from a hack. Once your company’s sensitive data is stolen through a ransomware attack, recovering it is often a long and arduous process. Teaching employees about basic security, personal cybersecurity, and the prevalence of cyber threats goes a long way in stopping ransomware attacks before they can really do damage. Your employees should understand that they might be targets of malicious actors, eager to exploit any entry they can find in your company.
The average cost of a cyberattack is 3.86 million and the cumulative total for global cybercrime is expected to cost $6 trillion. If you don’t pay to train your employees about cybersecurity best practices, you may end up paying more in the long run. High-quality, free training for your employees is available from several government resources, including the Department of Homeland Security.
2. BETTER PASSWORDS AND MULTI-FACTOR AUTHENTICATION
Think no one will guess that your password is your mother’s maiden name and her birthdate? Think again. Cyberthieves have developed powerful algorithms that can correctly guess difficult passwords in seconds. Traditional password advice suggested using a long password of 12 characters at minimum with a mix of numbers, symbols and capital and lower-case letters.
While this is a good strategy, it isn’t enough, and nearly every security professional recommends using two-factor or multi-factor authentication. Two-factor authentication is a security process which requires two different authentication factors to gain access to programs or resources.
3. KNOW YOUR COMPANY
Take advantage of an easy resource: your own knowledge. Think about your company and what hackers are likely to target. Would they be interested in your employees’ personal information, or are they interested in your customer databases or intellectual property? Find the most likely targets and secure them appropriately.
4. SAFE AND SECURE WIFI
It might be a no-brainer for a company to have a secured, encrypted and hidden Wi-Fi network, but with the advent of remote working, it’s important that your employees also safely encrypt their own personal networks. Your employees’ security is also your security. Hacking an employee’s remote network is an easy way to eventually gain access to the company’s mainframe.
5. BACKUPS BACKUPS BACKUPS
Hackers thrive on being able to disrupt an organization’s activities. An offline backup will enable your business to get back on its feet while cybersecurity experts deal with damage and fallout from a cyberattack.
6. INSTALL ANTI-VIRUS SOFTWARE
Even the best-trained staff occasionally make mistakes. Having anti-virus and anti-malware software installed on computers adds an extra layer of protection, especially against phishing attacks, a social engineering attack used to steal data and login credentials.
7. SECURE PHYSICAL DEVICES
Just like you lock the doors when you leave your office, company laptops should be secured with passwords or PINs. Laptops given to employees who are no longer at the company should be retrieved. Think of every work computer as a possible gate into your company.
8. UPDATE SOFTWARE AND FIRMWARE
The UK’s National Cyber Security Centre estimates that more than 80% of hacks are indirectly caused by outdated software (Centrify). The best anti-virus and anti-malware programs are only as good as their latest patches. Forgetting to install patches will allow hackers to exploit the system’s weaknesses.
9. BE SAFE RATHER THAN SORRY
Email look suspicious? Don’t click on it. Pop-up offering you a good deal? Ditto. The ABCs of cybersecurity are Always Be Cautious. Double check where emails come from before responding, especially if something sounds off.
10. HAVE A PLAN
As a small or medium-sized business owner, having your own cybersecurity team is a sizeable expense. Luckily, there are a number of free resources that will help you develop a basic cybersecurity plan and give you an idea of what steps to take if you have been hacked. We recommend the cybersecurity risk management plan published by the FCC, as well as the cybersecurity guide published by the Small Business Administration.