Inexpensive Cyber Security Tips 2019 for Businesses of All Sizes

Security best practices for businesses of all sizes are more important now than ever; protect your business with these cyber security tips.

Cybersecurity breaches to businesses are in the news every day and having a plan in place is now a required business practice. Most security professionals will tell you there are only two types of businesses:

Those that have been hacked and those that have been hacked but don’t know it yet.

Many companies believe they will not be a target of an attack. The truth is that all companies must prepare for cyber-attacks and physical security risks by having an individual or team in place to protect against them. Here are some of the best inexpensive ways to protect your business:

Create a Security Plan with Policies and Procedures


Most businesses understand the importance of having an emergency plan if there is a fire or weather disaster at the business.  Will your employees react properly to ensure that everyone is safe? Do employees know what to do if there is a fire and have you conducted fire drills? What about a hurricane, tornado or earthquake?

You need this type of plan for all aspects of security for the business and this includes physical and cybersecurity risk. Employees also need to understand what they can and cannot do with company resources including laptops, cellphones and networks. Employee participation and support of cyber and physical security policies and procedures will help make the work environment safer.

All companies should have an incident response plan with crucial information such as: whom to contact when an incident occurs; what to do to secure the business data or assets; and when to contact law enforcement. All businesses must have an “acceptable use policy statement” in place that is signed by all employees on a yearly basis.

Security Awareness Training for All Employees

Physical and cyber security risk to your business will continue to increase on a daily basis. Human error, whether unintentional or intentional, is best mitigated through ongoing training. Employee awareness is the best way to ensure that your workforce follows best practices. This will limit the threat to your organization and help to create a culture of security awareness.

Employee security awareness training not only demonstrates that your business takes the confidentiality of its clients’ data seriously, it also serves as an important reminder of the day-to-day risk to everyone. This training can be the difference between keeping your business up and running, or seeing it crippled by a cyber-attack due to a lapse in security.

Training on topics such as password security, social engineering and phishing risk needs to be ongoing, because these threats pose a huge risk to your business every day. Making employees aware of these risks will help to protect the safety and security of the employees and the business.

Cyber Security Basics

  • Do you have an IT staff or IT vendor that understands your security needs?
  • Do they really have any expertise in cyber security?
  • How do you know they have configured your IT infrastructure with security as a priority?

Some of the important basic IT security concerns you should have in place:

  1. Operating system and software updates; Windows or Apple updates are required best practices. Are you using old or outdated operating systems? Microsoft and Apple are constantly updating their operating systems and Office software for vulnerabilities, so you need to ensure all computers are updated. This is also required for all other software you might be using, including Adobe for PDFs.
  2. Backups; to ensure the continuity of your business you need to require that all computers and systems are being backed up daily. This is not just a “nice to have”; it is a clear requirement for businesses of all sizes. If any of your employees click on a “ransomware” email you will immediately understand why you need a backup. Put daily backups in place and verify them on a regular basis.
  3. Wi-Fi Security; make sure all “out of the box” router default settings have been changed. Make sure the highest level of encryption is turned on and that you are using a very strong password. Make sure your router firmware is updated on a regular basis. Use a virtual private network (VPN) whenever possible. Set up a guest Wi-Fi network for visitors at your business. Physically secure your router in a locked location that is not accessible to everyone.
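
One way to carry out the "verify them on a regular basis" part of the backup tip, as an added example that is not from the original article: a small Python check that a backup folder is less than a day old and that every file still matches the checksum recorded when the backup was taken. The `manifest.json` layout, the file names and the sample data are assumptions made for this illustration.

```python
import hashlib, json, tempfile, time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 60 * 60  # "daily" backups: the newest must be under a day old

def sha256_of(path):
    """Hash a file in chunks so large backup files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_backup(backup_dir, now=None):
    """Return a list of problems; an empty list means the backup passed."""
    now = time.time() if now is None else now
    backup_dir = Path(backup_dir)
    manifest_path = backup_dir / "manifest.json"  # assumed layout: {"file name": "sha256 hex"}
    if not manifest_path.is_file():
        return ["manifest.json missing"]
    problems = []
    if now - manifest_path.stat().st_mtime > MAX_AGE_SECONDS:
        problems.append("backup is older than 24 hours")
    for name, expected in json.loads(manifest_path.read_text()).items():
        target = backup_dir / name
        if not target.is_file():
            problems.append(f"missing: {name}")
        elif sha256_of(target) != expected:
            problems.append(f"checksum mismatch: {name}")
    return problems

def make_sample_backup(root):
    """Constructed sample data: two small files plus a manifest of their hashes."""
    root = Path(root)
    files = {"customers.csv": b"id,name\n1,Example Co\n", "ledger.db": b"sample-ledger"}
    manifest = {}
    for name, data in files.items():
        (root / name).write_bytes(data)
        manifest[name] = hashlib.sha256(data).hexdigest()
    (root / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        backup = make_sample_backup(tmp)
        print("fresh backup:", verify_backup(backup) or "OK")
        # Simulate a backup file that was overwritten after the backup was taken.
        (backup / "ledger.db").write_bytes(b"overwritten")
        print("after change:", verify_backup(backup))
```

A check like this can be scheduled to run after each nightly backup and report any non-empty result to whoever is responsible for IT; it complements, but does not replace, periodically restoring a backup to confirm it is usable.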

Background Checks for Employees

How well do you know your employees? As a business executive you may or may not have a good working knowledge of your employees and their true background. Hiring a service to conduct a basic background check of all current and prospective employees is an important security practice that will pay dividends.

There is a clear reason that all government agencies and large private sector companies conduct employee background checks. Background screening is proven to create a safer environment for employees and the workplace. This applies to businesses of all sizes.

Final Thoughts

Security can no longer be an afterthought to your business. You must make it part of your business acumen and consider it just as important as anything else you do to make your business successful.

If you don’t have an employee that can successfully make security part of their daily work duties, consider hiring a well-qualified vendor to serve this role.


Do you need help with security awareness training for your employees?

CFISA’s Security Awareness Training courses are designed to educate employees on proper cyber and data security behavior to best protect your organization from a catastrophic data breach.

HIPAA Compliance Training

HIPAA law requires organizations that directly or indirectly handle a patient’s Protected Health Information (PHI) to train employees upon hire and annually to ensure that they understand the correct privacy and security practices associated with PHI.

Security Awareness Training

Cybercrime is the fastest growing crime in the world. Our personal and business accounts are being attacked daily. Train your employees on the risks associated with cybercrime and best practices to protect the business from phishing, email threats, and other cybercrimes.

PCI Compliance Training

If you accept, manage, or transmit credit cards and the personal information contained in the card, you need to train your employees upon hire and annually to be PCI DSS (Payment Card Industry Data Security Standard) compliant.
