Businesses and not-for-profit organizations are processing and storing larger and larger quantities of personal and confidential information about clients, members, employees, and partners across a myriad of services and devices. When we consider the growth and sophistication of cybercrime, it becomes apparent that as our data processing and storage needs increase, so does the threat of a data breach or hack.
As a leader of an organization, it can be difficult to know where to start in terms of tackling cyber security. Leading your organization toward being more “Cyber Secure” is like most transformations in life in that taking the first step can be the hardest! The good news is that, in reading this blog, you’re already on your way to dealing with the challenge!
5 Things You Can Do to Help Secure Your Company Against Cyber Threats:
#1 – Talk to your team and raise awareness
Talk to your team and make sure that they’re aware of your company’s cyber security policies and trained in proper information security procedures. Assumption: you have defined cyber security policies and procedures for your organization. If your organization doesn’t have defined policies and procedures, then getting policies and procedures is where you should first begin! If you need some help getting started, check out our Resource Section for more information about the process of getting “Cyber Secure.” The resource section also includes some additional thoughts about the importance of covering Cyber Security Policies and Procedures during Employee Onboarding.
#2 – Reinforce team awareness and knowledge with regular training
Once you have policies and procedures in place, it is then critical that your team knows and follows them. Having policies and procedures specific to your organization is a great foundation; however, if they are on the shelf collecting dust, or buried in your digital archives, they’ll do nothing to help your organization become more secure. Also, if a breach does happen, just having (and not following) policies and procedures will likely not be sufficient to prove you have exercised “due care and due diligence.” Investing time and money can go a long way to improving what is likely your most extensive vulnerability: your people! Therefore, educating your team on the facts can go a long way.
Many information breaches involve an element of social engineering: tricking someone into divulging some piece or pieces of information that are critical to the success of the orchestrated hack.
#3 – Enforce a secure password policy
A secure password policy with 2-factor authentication where applicable on laptops and mobile devices can dramatically improve your data security level. If your team members are using the same password for several different services and a cyber criminal gets possession of one password, they can easily access all of the other services. If people are using passwords like their phone number, their dog’s name or other simple word combinations, then it becomes significantly easier to guess these passwords or to obtain them with a brute-force attack. Make sure devices are password protected, and that the auto-lock feature is activated.
#4 – Encrypt and backup your data
Really, there is no excuse for not having laptops – which are loaded with private, personal and confidential information – encrypted. If you’re not familiar with this practice, ask your IT Administrator about it or visit the support site for your computer hardware. Without encryption, all laptop computers are extremely vulnerable to being compromised. You don’t have to be a computer guru or experienced hacker to do this. Need added proof of why you should do it? Just Google “how to reset my admin password on my mac.” You’ll be provided with step-by-step procedures that anyone could follow to gain full access to the data on any computer. Point taken? Here are a few articles that can help you understand how to encrypt the hard drives on your machines:
#5 – Consider your Business Continuity Plan and ask your service providers and partners about theirs
It is absurd to think that there’s no possibility that things can go wrong. A robust, top-notch information security program implemented across your organization, organizations you partner with, and your key vendors will go a long way to prevent most incidents; however, having a solid program in place doesn’t guarantee protection from all the scenarios that can do major harm to your organization. Despite safeguards and precautions, a critical system can go out of commission, key data can disappear or confidential information can be leaked. This is where Business Continuity and Disaster Recovery Planning come into play. When faced with a failure or breach that causes a service interruption, most organizations panic and scurry about madly with no plan or reason. This is far from an effective approach. The pressure can lead to poor decision making during a critical recovery response period, which can cost time and money. A few hours dedicated to proactively thinking out the “What would we do if…?” strategy related to all of your biggest threats can be a game-changing practice that almost always leads to coming up with additional countermeasures and “Plan Bs”.
If you have a plan and everyone knows it, you are far better off than not having a plan at all!
This blog is meant to provide a starting point for implementing cyber security practices within your company. Due to the rapid progression of technology, this is an ongoing and ever-evolving subject!