Posted on December 7, 2017 at 12:00 PM
Rather than being a function of your infrastructure, cyber security starts with your employees. Threats evolve so quickly that technology can't keep up; security is really a company culture. Here are some tips to help drive cultural change that will keep your business safe from malware in 2018, and beyond.
- Foster a culture that values cyber security. While it may seem really obvious, too many organizations treat security as an after thought. Driving the point home that cyber security is every employee's job will go a long way towards reducing potential threats to your business.
- Be explicit in those expectations. It's not enough to use vague terminology. Spell out what cyber security means. It means not clicking links in emails, even if they appear to come from official sources. It means not assuming that the email from technical support asking for them to input their user name and password is legitimate.
- Encourage the use of strong passwords. Here we don't mean passwords that appear meaningless, like ABCD123^!. These are impossible to remember, will get reset, and will only breed apathy on the part of your employees. Strong passwords are actually pass phrases. Encourage the user to use a combination of words that don't typically appear together, but are memorable. This is advisable because the more characters in a password, the harder it is to crack. A shorter password with special characters is much easier to crack than a longer password of all letters.
- If your organization hands out mobile devices to its employees, then make sure you have a solid plan in place to keep it updated regularly. Make sure employees lock their phones with a PIN or password, and never leave the device sitting around in public venues. If the phone supports it, certainly employee encryption protocols to keep it safe.
- Realize that breaches can and do happen to even the largest and most well funded organizations. There are simply too many ways in. This means you need a backup plan - perform regular data backups. The more frequent the better, as it will mitigate the impact from a cyber security breach. It's must less tempting to pay the ransom when the hacker is demanding $5,000 for a day of work, than it's for several months. If you don't have a strong back up plan, contact us to get started right away.
- Make sure employees understand the importance of not trusting random USB drives they encounter laying around. It may sound silly, but studies have shown that dropping an infected USB in a parking lot is a highly effective way of circumventing even the most stringent protocols for cyber security. Invariably, someone picks it up and can't resist plugging it in to see what's on it. At that point, your expensive firewall becomes totally worthless, as the hackers have direct physical access to your network.
- Accept that you're a target. No matter how small your business. Whether you have 2 employees or 200, you almost certainly have more resources than some desperate hacker on the other side of the world. If they can extort $500 from you for just a few minutes of their time, they certainly will. No business is too large or too small to be a target, as we are all targets.
We know that's quite a bit to digest. Taking it one step at a time and working daily to encourage a culture of cyber security will go a long way towards tilting the odds in your favor. If you need additional advice, or want to get input on specific solutions, please don't hesitate to reach out to us.