The global economic impact from cyber attacks surpassed $45 billion in 2018 and any type or size of company can become a victim. If it hasn’t happened to you yet, count yourself lucky.
The good news is that the majority of breaches could have been prevented with known protection methods. Cybersecurity strategies can minimize risks and keep your company’s data safe. Just as it can make sense to outsource IT needs like quality assurance, you can benefit from outside data security help.
Whether or not you choose to work with an outside vendor, consider adopting the following best practices this year.
1 – Create a Comprehensive Cybersecurity Policy
Develop a comprehensive written cybersecurity plan to provide guidelines for the entire company to follow. Also instruct each department to create its own policies to address more specific needs. For each plan, conduct a risk assessment to identify weak points and create the policy accordingly, prioritizing areas with the highest levels of risk. Periodically re-evaluate these risks and adjust policies as needed.
The company plan should include Bring Your Own Device (BYOD) rules, covering personal electronics use. You may decide not to permit personal devices to access any company data. If you do allow it, consider implementing the following rules:
- All personal devices used for work must have security software, password protection, and encrypted data.
- Employees should complete security updates on personal devices in a timely manner.
- Employees must immediately report any lost or stolen devices.
2 – Backup Your Data
To play it safe in case a breach happens, maintain a full, current, encrypted backup of all company data. Set up automatic backups to occur on a regular schedule. Ideally, have at least one onsite method, such as backing up to a separate drive, and one offsite method, such as backing up to a cloud service. Divide backup responsibilities among several people to avert insider threats.
3 – Manage Passwords Smartly – but Don’t Stop There
Strong password practices promote data security. Deploy standard password practices such as using memorable phrases instead of random characters, keeping password credentials private, changing passwords on a regular basis, and mixing upper- and lower-case letters with numbers and symbols. Additionally, for people working in the system short-term, consider utilizing temporary passwords that expire.
To strengthen data protection, go beyond passwords to include multifactor authentication, which adds an extra layer of user identification before allowing access. This additional step can include a security token, temporary mobile phone code, or biometrics. Biometric security allows quick authentication, safe access, and detection of unauthorized use of devices. Options include voice recognition, fingerprint scans, palm biometrics, facial recognition, and behavioral biometrics like keystroke or mouse dynamics.
4 – Take Control of Access
While your employees are your most important assets, they also present the greatest risk factor. Therefore, closely manage who has access to your network and data. Use the principle of least privilege, meaning each worker should have only the minimum level of access to do their job well. The following rules should apply:
- Give data access only to people who need it.
- Grant admin privileges only to key personnel.
- Assign each new user account the fewest privileges possible and only increase when necessary.
- Revoke privileges as they’re no longer needed, including when employees are terminated.
In addition, monitor user activity by tracking staff who have full access, recording information about user logins, and creating separate user accounts and strong passwords for each employee.
Take additional precautions in situations in which you must grant third-party access to remote employees, subcontractors, business partners, suppliers, and vendors. Use one-time passwords that can log user actions to detect malicious activity.
5 – Train Employees
Employees are on the front lines of data security, so they should be provided with comprehensive training. Even if it costs money up front, it’s worth it to avoid the potentially huge negative impacts of a breach.
Make sure all employees are aware of your company’s security policies and why they’re in place. Explain how cyber threats can harm the company and give examples of the impact of real-life breaches. Educate employees about the latest cyber crime tactics and how to recognize and avoid them. For example, the following techniques are in common use today:
- Phishing involves emails or phone calls to gain credentials or infect systems with viruses and malware in links and attachments.
- Supply chain attacks gain access through a third-party vendor.
- Crypto jacking entails planting code to use company computers to mine cryptocurrency.
- Business email compromise involves soliciting funds using emails that supposedly come from vendors or executives.
6 – Ensure Software Is Secure
Keep security software, web browsers, operating systems, and personal devices updated with the latest protections. Apply all security patches available to address vulnerabilities and security gaps. Consider security testing to uncover additional software vulnerabilities.
Create a schedule for regular software updates and devise a plan to upgrade and replace devices when they’re no longer supported by the manufacturer with updates and security patches.
In the face of potential cyber attacks, you’re not helpless. By creating and implementing a comprehensive cybersecurity policy, you and your employees can work together to protect your company’s sensitive data and avoid the potentially devastating repercussions of a breach.