By Fred Bedrich, AVP, Information Security
Now that you’ve set up a cyber playbook, similar to a disaster recovery plan, you and your employees need to practice what is called cyber hygiene.
Concerns about data security and protecting intellectual property aren’t new, but they are evolving so rapidly that your business can’t afford to ignore them. No one is immune to cyber events, such as phishing, malware, ransomware or the theft of IP.
It’s everyone’s responsibility — not just the responsibility of your IT professional.
- Cyber security savviness: Educate and train all employees, regardless of position, based on your business requirements. Make the effort to certify employees, if you can. There are plenty of free and affordable training materials online to help employees learn about cyber security.
- Regularly back up all data, not just in the cloud but also on a local hard drive. Systematically test your backup systems for reliability. Would you be able to recover the critical information that keeps you in business and ahead of your competition?
- Not every employee needs access to your company’s data. Have a policy and enforce it on who can access what information, such as financial information, client lists and intellectual property, and under what circumstances.
- Consider cyber insurance to protect your business. It can cover such things as the cost of legal representation and possible damages related to a network security breach, and expenses related to restoring or recovering data caused by a breach, denial of service attack or ransomware.
- Document your cyber security policies and be ready to share with your customers, if asked. Customers will likely want to know how you manage confidential information, who has access to it, where the data is stored, and what would happen if there would be a breach. Offer this information to your customers as proof of good governance.
- Plan for a mobile workforce. With more than half of businesses currently allowing BYOD (Bring your Own Device), it is essential that you have a documented BYOD policy that focuses on best practices. With the increasing popularity of wearables, such as smart watches and fitness trackers with wireless capability, it is essential to include these devices in the policy. Require employees to set up automatic security updates and have the company’s password policy apply to all mobile devices accessing your network.
- Enforce strong password practices. A vast majority of data breaches happen due to lost, stolen or weak passwords. In today’s BYOD world, it’s essential that all employee devices accessing the company network be password protected with a strong password string such as: X!G43fd54L1!9p or MyDogEatsYellowSlippers2!. Never use a company password for personal use, such as accessing Facebook, LinkedIn or other social media accounts.
- Encrypting your data means making it almost impossible to reconstruct data without knowing the password. Microsoft and Apple have encryption features built in to their operating systems. Turn on this feature!
- Install anti-malware software and keep it current. Did you know that an average of 30% of employees open phishing emails, a rising Canadian statistic. Since many phishing attacks involve installing malware on the employee’s computer when the link is clicked, it’s essential to have anti-malware software installed on all devices including network servers. Phishing attacks often target small businesses due to a lack of employee training or outdated software.
- For an extra layer of protection, multi-factor authentication settings are simple to do on most major networks and email products. We recommend using employees’ cell numbers as a second form of authentication, since it is unlikely a thief will have both the password of the account and your employees cell phone. If you are unfamiliar with MFA (multi-factor authentication) Google it, or look for YouTube videos on “how to” configure MFA on all your email accounts or other accounts.
Stay up to date on the latest cyberattacks
Regardless of your preparation, an employee could make a security mistake that can compromise your data.
Security is a moving target since cyber criminals get more sophisticated and use advanced techniques every day.
As a business owner, you need stay on top of the latest attack trends and the newest prevention techniques. It’s essential that you and your employees make cyber hygiene a top priority.