- Data Backup
Valid backups are essential. The backups should have a local and cloud storage component. Backup policy is more than how much you back up. It must include the calculation of how long it will take to restore the backup to a working/production state. Attacks sometimes are inevitable. While we’d all like to prevent 100% of problems, that is just not realistic. Understanding the time to restore versus cost of backup solution is essential and will save frustration if and when that type of event occurs. - Multi-Factor Identification
Multi-factor identification is when you need two forms of identification to gain access to a system. This is a security best practices that is essential to your cybersecurity policy. It is the best way to add an extra layer of protection to things like email accounts and software, and it’s simple enough to set up in a few steps. - Create Cybersecurity Policies
The first step is to sit down and create clear, usable cybersecurity policies. If you haven’t already done this, time is of the essence. It is important to document your protocols. You need to consider this in the onboarding and offboarding of personnel, access to systems, mobile device management and ongoing employee training. You need your outsourced IT department, internal IT, or security consultant to assist you in making sure that the document is clear, complete, and understood by all.
- Mobile Security
Business activity is quickly shifting to mobile devices and other endpoints. This means protecting your desktop computers and servers isn’t enough, you also need to take precautions to protect mobile devices. You’ll want to document these protocols in the policies we mentioned above, but it’s a good idea to educate employees as well about how to stay secure on their mobile phones. - Practice Safe Email Protocols
One of the most common ways cyberattacks occur is through emails. This is especially true for employee emails accounts which aren’t always as secure. Aside from learning how to set a secure password, also ensure your employees understand how to navigate suspicious-looking emails. Create a system for reporting these suspicious emails and preventing them from spreading.
- Employee Education
Of course, one of the most fundamental steps is to educate your employees on security best practices. Many people might be well intentioned, but they lack an understanding of how their security could be compromised online. Start with education about storing files securely, setting passwords, and your company policies. From there, take steps to notify employees about any breaches of security that might affect them. User Awareness training and phishing attack campaigns are very effective. - Antivirus/Antimalware
Finally, having antivirus and antimalware programs are essential to catch the steady onslaught of phishing attacks and attempts to gain access to your business. Windows Updates is another important piece of protection. - Network Security
Your firewall/router is no longer a device that you purchase and walk away from for the next 5 years. Software on these devices must be up to date. You need someone to be checking open ports and basic security. External PEN testing annually is good policy.
Final Thoughts – Is your company safe from cyber-attacks? No matter your business size or whether you handle sensitive information, you could still find yourself as the target of an attack. You don’t want to become just another statistic. Take these steps above to protect your business, your employees, and your customers. Their information is worth protecting. It’s easier than you think to get started with a secure system, so don’t waste any time without one.