The New Year brings possibilities, but it also brings new cyber threats. Make cybersecurity part of your business resolutions. It’s a good time to plan for resiliency in the face of ever-present cyberattacks. Regardless of its size or industry, your business can become a victim of cybercrime.
Here are some best practices you can follow as a company to safeguard your business from cybercriminals.
Update Software Programs Regularly
Let’s start with the software programs you are using at work. Make sure all of them are up-to-date. Software companies release program updates, security patches, and critical updates for their software applications. These updates and patches prevent cybercriminals from exploiting the vulnerabilities that exist in the program to gain access to your network and data. So, you need to take the time to make sure that all of your software applications, including operating systems and browsers, are up-to-date. It’s important not to leave out your smartphone applications and mobile devices as well, because cybercriminals can find a way to invade your network and data from your smartphone. For example, if you have your work email configured on your phone, hacking into your phone can give them access to your work email and consequently to work data.
Have Clean and Up-to-Date Backups
Make sure you have clean and up-to-date backups. Backups come in handy, especially in the case of ransomware attacks. In a ransomware attack, cybercriminals gain control of your network or data and lock you out of your own system, preventing you from accessing crucial business data. Sometimes your data is encrypted, which means it won’t be “legible.” They then demand a ransom to unlock or decrypt your data. Unless you pay up, you won’t have access to your data. Having up-to-date, quality backups ensures you don’t have to worry about losing access to your data or paying the ransom, as you have a recent copy of your business data readily accessible. You can make backups on external hard disks, on servers located at a place different from your place of business, or even in the cloud. Routine backups may not be enough to protect you.
Update Passwords Regularly
You’ll agree that having passwords to access your IT devices, networks, and data is the first step to securing your business data. However, having passwords is not enough. The passwords have to be strong and difficult to guess or crack. A lot of ‘smart’ devices today, such as phones, tablets, and laptops, come with facial recognition and fingerprint sensors that can be used in lieu of passwords. But what happens when you don’t have biometric security measures? You need to ensure that your passwords are strong and also maintain good password hygiene.
Maintaining good password hygiene involves:
- Not having passwords that are too simple or easy to crack. Ideally, a password should be at least 12 characters long, mixed case, alphanumeric, and include symbols.
- Not using the same password across different sites, programs or systems. For example, having the same password for your email and laptop is a strict no-no.
- Not sharing passwords with coworkers and never sharing passwords via emails or text.
- Storing passwords safely and securely, and not on a piece of paper, in an email, or in a file on the computer without encryption.
- Changing passwords and revoking access after someone leaves the organization or, if they were given temporary access, once their work is completed.
Enable Multi-Factor Authentication
Multi-factor authentication involves putting up multiple barriers to data access for better data security. The idea is to have another layer of security to protect your data. The first layer is usually something simple like passwords, security questions to answer, PINs, etc. The second layer could be a one-time password (OTP) sent to an alternate email ID or phone number, or security tokens or access cards that can be scanned. The third data security mechanism could be something personal such as a fingerprint or retina scan. Having multiple security layers makes it more difficult for cybercriminals to hack into your system and access your data.
Use Data Encryption
Data encryption is the process of coding data in such a manner that it doesn’t make sense to anyone until it is decrypted, i.e. the encryption is removed. The recipient of the data needs a ‘key’, which is a security code or token, to decrypt the data. Sometimes, data encryption and decryption may be automated, where the data is automatically decrypted for the intended recipient. The bottom line is, ALL your business data should be encrypted regardless of where it resides. This involves securing all the devices used for data storage and access, including computers, mobile devices such as smartphones, external hard disks, servers, and your network and wi-fi routers.
Train Your Employees on Cybersecurity Awareness
Training your employees to identify and respond correctly to cyberthreats plays a big role in any organization’s cybersecurity initiative. Regular cybersecurity training sessions along with mandated assessments should be conducted for all employees. Based on the assessment results, you may conduct follow-up training or refresher sessions for those who need it. You should also create an IT security policy document or handbook and share it with everyone in your company. This handbook or policy document must be updated on a routine basis to keep up with the latest in cybersecurity protocols.
Cybersecurity might seem like a lot of work, especially when you have a business to run and clients to focus on. However, it’s certainly not an element that you can afford to ignore. The price you may have to pay if you or your business becomes a target of a cybercriminal is too high to take cybersecurity lightly. Consider bringing an experienced Managed Services Provider (MSP) like Universal Data on board to help manage the cybersecurity aspect of your business, while you can focus on your clients.
Have an Incident Response Plan
Every business is at risk of an attack, so it’s extremely important that you have a plan in place. Something to consider is how your business will restore from backups in disastrous scenarios if data theft is part of the attack. It’s important that you test your backup systems regularly and make sure everything is running smoothly. Practicing ransomware drills or using phishing email simulations are great ways to see how your employees will act in those situations.
As a managed service provider focused on cybersecurity, Universal Data Inc. can help with your security needs. Contact us to schedule a meeting.