As we bid farewell to the chaotic and unpredictable year that was 2020, now is the perfect time to ensure your cyber security practices are up to par. These 5 easy tech resolutions will make your business more productive, successful, and secure.
1. Clean up your passwords
We know we sound like a broken record (for those of you born in the last 40 years, this is what a record is), but passwords are really important. A weak password is like a basic lock on your front door. It gives the illusion of safety, but can easily be bypassed. It’s tempting to create simple, easy-to-remember passwords, but doing so puts you at risk. Hackers have a number of tricks up their sleeves that make it easy to crack weak passwords and wreak havoc. Here are the signs that you’re using weak, ineffective passwords:
- You use the word “password” in it.
- It contains easy identifiers like your name, username, birthday, anniversary, etc.
- It’s all lowercase letters with no variation like capitalization, numbers, or special characters.
- You’ve reused the same password for multiple accounts.
- It’s short.
Resolve to practice safe password tips this year by:
- Updating weak passwords and duplicates. If any of your passwords were created using the methods above, update them to something stronger. Effective passwords are random with a combination of uppercase and lowercase letters plus numbers and symbols. They’re at least 10 characters. The passphrase method can also be used to help you craft strong but easy-to-remember passwords. It’s also rather fun! A passphrase is built either from a collection of multiple, sometimes random or abbreviated, words, like FivecoffeemonkEyTable, or by abbreviating a sentence, such as “I lived in a green house when I was ten. I think it was haunted!” to “Iliaghwiw10Itiwh!”.
- Enabling multi-factor authentication. An increasingly popular method of securing accounts, multi-factor authentication adds an extra layer of protection to the common password or passphrase. Multi-factor authentication is a combination of two or more authentication methods. This could be something you have (such as a randomly-generated code sent to your mobile phone), something you are (such as a fingerprint), or something you know (such as a password). Not every type of account has this option currently, but if it is available, use it!
- Using a password manager. Desperation leads to poor decision making. If you’re finding it hard to come up with strong, unique passwords for each of your accounts and are tempted to start reusing easy-to-remember ones, don’t! A password manager can save the day by storing your passwords in an encrypted database. All you have to do is remember the master password for your password manager. Many password managers even help you generate powerful passwords.
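One way to audit a set of passwords against the five warning signs and the 10-character minimum listed above, as an added example that is not part of the original article. The function names, account names, identifiers and sample passwords are constructed for illustration.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 10  # the article's minimum length for an effective password

def weak_signs(password, identifiers=()):
    """Return which of the article's weak-password signs apply."""
    signs, lowered = [], password.lower()
    if "password" in lowered:
        signs.append("contains 'password'")
    # identifiers: name, username, birthday, etc., supplied by the caller
    if any(i and i.lower() in lowered for i in identifiers):
        signs.append("contains personal identifier")
    if password.isalpha() and password.islower():
        signs.append("all lowercase, no variation")
    if len(password) < MIN_LENGTH:
        signs.append("short")
    return signs

def _key(password):
    # In-memory grouping key only, so plaintext never becomes a dict key.
    return hashlib.sha256(password.encode()).hexdigest()

def audit(accounts, identifiers=()):
    """Map each account name to its signs, including cross-account reuse."""
    groups = defaultdict(list)
    for account, password in accounts.items():
        groups[_key(password)].append(account)
    report = {}
    for account, password in accounts.items():
        signs = weak_signs(password, identifiers)
        others = [a for a in groups[_key(password)] if a != account]
        if others:
            signs.append("reused on: " + ", ".join(others))
        if signs:
            report[account] = signs
    return report

# Constructed sample data, not real credentials.
SAMPLE_IDENTIFIERS = ["jordan", "1987"]
SAMPLE_ACCOUNTS = {
    "email": "jordan1987", "bank": "Password123!", "payroll": "sunshine",
    "crm": "Password123!", "vpn": "Iliaghwiw10Itiwh!",
}

if __name__ == "__main__":
    for account, signs in audit(SAMPLE_ACCOUNTS, SAMPLE_IDENTIFIERS).items():
        print(f"{account}: {'; '.join(signs)}")
```

The report names accounts and signs only, so it can be shared without exposing the passwords themselves.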
2. Protect your data
The average total cost of a data breach in 2020 was $3.86M. If you’re not already taking basic measures to secure your business, employee, and customer data, then now is most definitely the time. Threats are constantly evolving and there’s no guarantee that your business will forever be protected from a cyber attack; however, it’s still important to have precautionary measures in place.
In addition to using the strong password practices mentioned above, consider implementing the following basic cyber security safeguards:
- Backups. Backups protect your data and minimize loss in the event of a breach, power outage, or natural disaster.
- Employee security training. Teaching your employees how to defend your organization is one of the most important steps you can take so we’re going to go more in depth on its importance below.
- Encryption. Encryption encodes your data to make it unreadable and safe from unauthorized access.
- Endpoint protection. Endpoint protection detects threats, ensures your systems are patched and up to date, and monitors access to keep your device safe.
- Firewall. To prevent unauthorized network access, a firewall monitors network traffic and controls what’s allowed in and out based on pre-defined security parameters.
- Remote monitoring & management. Hiring a managed security services provider to remotely monitor and manage your devices is a proactive, streamlined way to protect your business.
- Spam filtering. Spam isn’t just annoying, it can also be dangerous. Spam filtering limits the amount of spam in your inbox and helps prevent email-borne threats like malicious links.
- Web content filtering & security. By blocking access to hacked or inappropriate sites, web content filtering & security shields against web-based attacks.
- Written information security policy. A written information security policy, or WISP, details policies and procedures for protecting your company’s confidential data, assessing how it’s being protected, and identifying who is ensuring it’s protected.
3. Assess your risk
It’s hard to fix something if you don’t realize it’s broken. Assessments are the first step in the ADKtechs three-step cyber security methodology of assess, address, and maintain. A risk assessment identifies the areas of your business that may be putting your business at risk such as unprotected devices, improper permissions, and unsecure PII. Once an analysis is conducted, your IT professional can assign a dollar amount to each risk based on business impact and likelihood of exploitation. This lets you easily see what these vulnerabilities could cost you in the event of a cyber security incident and helps prioritize what items need to be addressed first. When conducted routinely to maintain a constant level of security, a risk assessment can not only prevent costly data breaches, but also ensure compliance with various regulations such as HIPAA and the NY SHIELD Act.
The gold standard of security, the National Institute of Standards and Technology (NIST), provides the following risk assessment outline:
- Prepare for risk assessment. Identify purpose, scope, assumptions, constraints, and approach.
- Conduct risk assessment. Identify threats, vulnerabilities, likelihood, impact, and overall risk.
- Communicate & share risk assessment results. Ensure all decision makers are aware of the risk assessment results.
- Maintain risk assessment. Conduct ongoing monitoring of risk factors.
If you’re feeling ambitious, you can check out the in-depth NIST Guide for Conducting Risk Assessments.
4. Prepare for remote work
A remote workforce was the “new norm” last year and will likely continue to be in one way or another for the foreseeable future. It’s time for businesses to officially adapt. Home networks are inherently less protected than business networks. Ensure you have clear, established work from home policies in place so your employees know how to stay safe even while working out of the office. These measures can include:
- Enforcing strong password policies. Eighty percent of all hacks are the result of weak passwords.
- Using a VPN. A virtual private network, or VPN, shields and encrypts your internet activity.
- Avoiding the use of personal devices for work. Most personal devices aren’t adequately protected from cyber threats which puts your business and customers at risk. Also, mistakes happen. You don’t want your daughter attending her Zoom class on your computer and accidentally sharing your confidential work documents with her teacher. If your employees absolutely have to use their own devices for work due to budget restrictions, ensure you have a Bring Your Own Device (BYOD) Policy in place.
- Keeping devices up to date. Updates improve the security and performance of your devices.
- Installing mobile device management software. Mobile device management software lets your IT department configure, track, and secure work devices that leave the office such as laptops, cell phones, and tablets.
Another way to prepare for a remote workforce is by utilizing cloud services such as:
- Microsoft 365 & Teams. Practical and easy to use communication and collaboration tools are needed now more than ever. Microsoft 365, formerly known as Office 365, is the key to staying productive with a remote workforce. Part of the Microsoft 365 offering, Teams, is especially useful with a geographically dispersed workforce. You can think of Teams as a virtual conference room, filing cabinet, phone, and calendar all rolled into one.
- Cloud backups. You can’t be without your critical business data for even a minute. Secure and encrypted cloud backups ensure that all your company data is safe and accessible 24/7, no matter what. By backing up your data in the cloud hourly, daily, weekly, or monthly you can quickly get critical operations running again.
- Hosted phones. Don’t miss important calls just because you’re working from home. A hosted, or cloud-based phone system, allows you to make calls over the internet rather than traditional copper wires or optical fibers so you can connect to the office without physically being cooped up in the office.
5. Train your employees
As we mentioned above, employee security training is absolutely critical to protecting your business. Cyber security is everyone’s job, not just the IT department’s. Many breaches are preventable when you have a knowledgeable “human firewall” acting as your first line of defense against cyber attacks. Whether working from home or in the office, employees should know:
- How to identify phishing emails and websites.
- How to protect PII.
- How to create strong passwords.
- How to protect portable media.
- The risks of using their personal devices with company data.
- Your company’s cyber security policies.
Employee security training should be done regularly and consistently. It doesn’t have to be tedious, however. Our Cyber Tough Security platform features fun and interactive training that your employees can go through at their own pace.