Cyber threats are a serious business concern. Businesses and not-for-profit organizations are processing and storing larger and larger quantities of information about clients, members, employees, and partners. Much of it is personal or confidential information, spread across a myriad of services and devices. All this data increases the fear of cyber threats.
As a leader of an organization, it can be difficult to know where to start tackling cybersecurity. Leading your organization toward being more “Cyber Secure” is like most transformations in business. Taking the first step can be the hardest. However, by reading this blog, you’re already on your way to addressing the challenge of cyber threats.
Talk to your team about cyber threats and make sure that they’re aware of your company’s cybersecurity policies. You want everyone trained in proper information security procedures.
Assumption: you have defined policies and procedures for your organization. If your organization doesn’t have defined policies and procedures, then getting cybersecurity policies and procedures is where you should begin! If you need some help getting started, check out our Guides for more information about how you can get “Cyber Secure.”
Once you have policies and procedures in place, it is then critical that your team knows and follows them. Having policies and procedures specific to your organization is a great foundation. However, if your policies are on the shelf collecting dust, they’ll do nothing to help your organization become more secure. Don’t neglect your policies in the depths of a digital archive. If a breach does happen, having policies and procedures but not following them will not prove you exercised “due care and due diligence.” Investing time and money in training can dramatically improve your biggest vulnerability: your people! Therefore, educating your team on the facts can go a long way.
Many information breaches involve an element of tricking someone. Social engineering tactics convince someone to divulge a piece of information that is critical to the orchestrated hack.
A secure password policy with multi-factor authentication where applicable can dramatically improve your data security. If your team members are using the same password for several different services and a cybercriminal gets possession of one password, they can easily access all of the other services.
If people are using passwords like their phone number, dog’s name, or other simple word combinations, then it won’t be hard to guess them or launch a brute force attack. These passwords are weak and vulnerable. You want to make sure devices are password-protected and auto-lock features are activated. You can also have a security policy that requires employees to use a password manager. (Don’t forget to require a password when the screensaver deactivates.)
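As an added illustration (not code from this post), here is a small Python policy check that rejects the weak patterns just described: short passwords, phone-number-style strings, a common word padded with digits or symbols, and a password the same person has already used for another service. The weak-word list, the per-user salt and the sample passwords are constructed for the example; a real deployment would use a breached-password corpus and let a password manager handle the reuse problem.

```python
import hashlib
import re

# Constructed sample deny-list; a real policy would use a breached-password
# corpus or the organisation's own list of banned words.
WEAK_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "rover", "buddy"}

# Digits with optional separators, e.g. "555-867-5309" or "+1 (555) 867 5309".
PHONE_RE = re.compile(r"^\+?\d[\d\s().-]{6,}\d$")


def password_fingerprint(password: str, user_salt: bytes) -> str:
    """Salted SHA-256 fingerprint kept only to detect reuse of a password the
    same user already set elsewhere. The salt is per user, so two users with
    the same password produce different fingerprints."""
    return hashlib.sha256(user_salt + password.encode("utf-8")).hexdigest()


def evaluate_password(password: str, user_salt: bytes,
                      previous_fingerprints: set[str]) -> list[str]:
    """Return a list of policy violations; an empty list means the password
    is acceptable under this (constructed) policy."""
    problems = []

    if len(password) < 12:
        problems.append("too short (minimum 12 characters)")

    if password.isdigit() or PHONE_RE.match(password):
        problems.append("looks like a phone number or digits only")

    # Strip everything but letters so "Rover2019!" is still recognised as "rover".
    letters_only = re.sub(r"[^a-z]", "", password.lower())
    if letters_only in WEAK_WORDS:
        problems.append("a common word with digits or symbols added")

    # Short passwords must mix character classes; long passphrases are exempt.
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if len(password) < 16 and classes < 3:
        problems.append("uses fewer than three character classes")

    if password_fingerprint(password, user_salt) in previous_fingerprints:
        problems.append("already used for another service")

    return problems


if __name__ == "__main__":
    salt = b"user-42-salt"  # constructed per-user salt
    history = {password_fingerprint("Rover2019!", salt)}  # password used elsewhere
    for candidate in ("Rover2019!", "555-867-5309", "correct horse battery staple"):
        print(candidate, "->", evaluate_password(candidate, salt, history) or "OK")
```

The reuse check compares salted fingerprints rather than plaintext so the history store never holds the passwords themselves; the passphrase exemption keeps the character-class rule from penalising long passwords that are genuinely harder to brute force.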
Really, there is no excuse for having unencrypted laptops that are loaded with private, personal and confidential information. If you’re not familiar with this practice, ask your IT Administrator about it or visit the support site for your computer hardware. Without encryption, all laptop computers are extremely vulnerable to being compromised. You don’t have to be a computer guru or experienced hacker. Need added proof of why you should do it? Just Google “how to reset my admin password on my mac.” You’ll be provided with step-by-step procedures that anyone could follow to gain full access to the data on any computer. Encrypt your data.
Point taken? Here are a few articles that can help you understand how to encrypt the hard drives on your machines:
It is absurd to think that there’s no possibility that things can go wrong. Cyber threats are real, don’t ignore that reality.
A robust top-notch information security program implemented across your organization, organizations you partner with, and your key vendors will go a long way to prevent most incidents. However, having a solid program in place doesn’t guarantee protection from all the scenarios that can do major harm to your organization.
Despite safeguards and precautions, a critical system can go out of commission, key data can disappear, or confidential information can be leaked. This is where Business Continuity and Disaster Recovery Planning come into play. When faced with a failure or breach that causes a service interruption, most organizations panic and scurry about madly with no plan or reason. This is far from an effective approach. The pressure can lead to poor decision making during a critical recovery response period that can cost time and money. A few hours dedicated to proactively thinking out the “What would we do if...?” strategy related to all of your biggest cyber threats can be a game-changing practice that almost always leads to coming up with additional countermeasures and “Plan Bs.”
If you have a plan and everyone knows it, you are far better off than not having a plan at all!