The new year is here. I hope you made it through unscathed. As we welcome the new year, keep these tips in mind as you create your New Year’s cyber resolutions for 2019.
No. 1 – Education, Education, Education
Cyber awareness training should be a vital piece of everyone’s 2019 cybersecurity plan. The training provided to your employees should be updated regularly to keep up with the latest trends and threats in the industry.
I can’t stress the importance of this enough. Your employees are your greatest asset. Without them, your business doesn’t function and isn’t profitable. On the other hand, your employees are also your biggest liability when it comes to cybersecurity.
Cyber awareness training ensures your employees know how to spot fraudulent emails, malicious attachments and untrustworthy websites. Knowing how to respond should there be a mishap is also crucial to a successful cybersecurity plan.
Having cyber-aware employees means all aspects of your business are in safe, capable hands.
No. 2 – This Party Isn’t BYOD
Almost everybody is connected to the Internet via phone, tablet, smart watch or personal laptop. Ensure you have a policy in place that defines your rules for bring-your-own devices (BYOD). This can be layered into your acceptable-use policy. If you don’t have one of those, create one!
If you allow personal devices in the workplace, make sure your network is segregated. Have one Wi-Fi network for public/employee devices and a separate one for work purposes.
As quoted from a childhood favorite movie of mine, "Ghostbusters":
Egon: Don’t cross the streams.
Peter: Why?
Egon: It would be bad.
Peter: I’m fuzzy on the whole good/bad thing. What do you mean “bad”?
Egon: Try to imagine all life as you know it stopping instantaneously and every molecule in your body exploding at the speed of light.
Raymond: Total protonic reversal.
Peter: That’s bad. OK. Alright, important safety tip. Thanks Egon.
OK, so you probably won’t explode and experience total protonic reversal. But, nonetheless, should someone bring an infected device from home, your network is severely at risk. DON’T CROSS THE STREAMS!
No. 3 – Backups
Please back up all of your vital data in case something bad happens, such as ransomware being downloaded onto your network. Backups could be what literally saves your business from absolute disaster.
There are different ways to back up your data. Some use an external hard drive and run periodic backups of computers and servers. Others swap external hard drives daily or weekly, taking one home and leaving one connected to run backups. The problem with these methods is that if your network is infected with malicious content, it also ends up on your external hard drives.
The best solutions are having off-site backups or moving your data to the cloud. If you aren’t a cloud organization, off-site backups are the way to go. Most off-site backup solutions offer incremental backups throughout the day, once a day or weekly. Should your network become infected with malware, it can be wiped and the latest version available can be restored.
No. 4 – Patch and Update
Patches and updates should always be run. Usually patches and updates are released because of bugs or vulnerabilities found in the software. Hardware and software code is rarely perfect. With time, hackers identify weaknesses and loopholes and launch attacks.
Security updates should be immediately installed as they resolve any open vulnerabilities. Every year, malware causes billions of dollars in damages to businesses of all sizes. One of the top contributors to the problem is that users don’t install vital software or Windows updates, which allows hackers to exploit loopholes that have long been patched.
Installing patches and updates also resolves the general bugs and issues with your hardware and software. While these may be non-critical errors, they can be extremely annoying and have an effect on the performance and stability of a program.
Lastly, you might be missing out on some really great features that were released.
No. 5 – Antivirus and Firewall
Going without antivirus software, or relying on the free versions, simply does not cut it when protecting your business. Choose professional antivirus protection solutions. Antivirus software essentially protects your computers from malware.
Not every type of cyberattack can be prevented with antivirus software, but it is an excellent layer in your line of defense. Choosing an antivirus software that has a recovery tool is also a must. The recovery system will aid in the removal of any malware on your computers.
Firewalls are your friends. Invest in a firewall that is capable of providing the solutions your business needs. Any business that accesses the Internet should have a firewall in place. Without one, hackers are able to easily infiltrate your network, gaining access to your data. Computers come with built-in firewall software, but businesses with multiple users and those with sensitive data require a firewall that is more robust, with the ability to customize and offer reporting to your IT team.
No. 6 – Multi-Factor Authentication
Passwords are hurting your business. The Internet has been around for decades and passwords have been the means of protecting your data and information. Passwords and password encryption have become very complex over the years, but so have the skills of hackers. According to a report by Verizon, over 81 percent of data breaches have been through hacked passwords over the past few years.
Since most people use the same password or variations of the same password for all accounts, implementing multi-factor authentication in your business can save you from falling victim to a data breach. Even if your passwords become compromised, if the hackers don’t have access to your phone to receive your security code to authenticate who you are, they will be denied access.
Plan, Do, Check, Act
Implement a cybersecurity plan. Establish clear policies, objectives, processes and procedures relevant to managing risk and improving cybersecurity to deliver results that align with your organization’s overall policies and objectives.
Do implement and operate your cybersecurity plan, controls, processes and procedures.
Check, assess and, where applicable, measure process performance against your cybersecurity plan. Report the results to management for review.
Act by taking corrective and preventative actions based on the results of the internal cybersecurity plan audit and management review or other relevant information. This approach isn’t a “one and done” solution; it requires recurring review and evaluation. At a minimum, this should be done yearly.
If your cybersecurity plan is not up to par, consider implementing some of these tips. We have witnessed another year filled with some terrible security breaches. Don’t allow your business to be just another statistic in 2019. Consult with your IT professional to determine what level of security is needed to protect your business.
David Black is the director of business development for Wasatch I.T., a Utah provider of outsourced IT services for small and medium-sized businesses.