Activate your cybersecurity
Eight steps toward a secure business
Read on for a deeper look at cybersecurity risks and strategies, and keep this list handy when
creating or updating a strategy for protecting your business from cyber threats.
1- Understand your unique cybersecurity needs
Proactive measures should be the cornerstone of your business cybersecurity plan. Create a plan suited to your company, conduct a risk assessment, and review the plan periodically to make sure it addresses all potential threats. When determining your cybersecurity needs, consider the types of breaches most relevant to your industry. For instance, if your business is cloud-based with numerous connected devices, you’ll need a plan detailing how your employees access and handle secure information. These considerations may help you determine your specific approach to tackling cybersecurity.
2- Separate — and understand — systems and information
Keep your payroll system, business email, and point-of-sale (POS) system on separate devices to avoid a potential breach or hack impacting them all at once. Also work on basic asset management to understand what can connect to your network and who has access to what.
3- Build a backup system
Work with your third-party technology and software vendors to ensure your information is backed up regularly. Also keep a POS system that is not linked to your current network in reserve to maintain access to sales data.
4- Keep informed and your software up-to-date
Begin by installing anti-virus, anti-spyware, and anti-malware programs, as well as a firewall. Check if your technology vendors offer additional protective software for mobile phones or tablets. For those devices, use a firewall with a virtual private network, which may help protect them on public networks — such as in airports, coffee shops, and convention centers. Since out-of-date software can pose a greater security risk, ensure that your software is routinely updated or patched to fix bugs, and that your hardware is on a maintenance check schedule. Subscribe to vulnerability and threat intelligence reports to stay alert to emerging threats relevant to your business’s technology systems.
5- Change default usernames and use strong passwords
When setting up a device, make sure all the default names, usernames, and passwords are replaced with unique ones, and don’t reuse passwords across multiple sites. For example, “Admin” is easy to remember, but it’s also often the standard username, and easy to guess. For increased security, use long passwords (or “passphrases”) and a combination of letters, symbols, and numbers in your passwords. Additionally, password management software can help minimize unauthorized use of a login and manage various passwords across accounts.
6- Train employees and outline specifics
Define and create roles so access is only granted as needed. Track which hardware each employee can access, and inform employees of the proper procedure when they are prompted for device updates or in the case of lost or stolen devices. Train employees to keep an eye out for issues like irregularities, bad connections, pop-ups, or phishing. And if you’re considering a “bring your own device” policy (BYOD), consider the impact of employees using their own devices at work.
7- Remove employee or contractor access immediately after termination
Dedicate time to changing passwords and closing username profiles for any terminated employees. A thorough review of their computer or device will reveal any other profiles or accounts that may be accessible from that device.
8- Don’t forget about your smartphone
Have a passcode, only download applications from trusted developers, install updates regularly, and don’t click on any links or open attachments received in suspicious or unsolicited texts or emails. Additionally, enable remote tracking and data wiping on your device, so if it’s stolen, you can render your data irretrievable.