You have locks on the doors and windows, but chances are, you’re letting your company’s cyber security fall by the wayside.
When it comes to protecting your company’s private information and your employees’ and customers’ personal data, there are many ways that cyber crimes can affect you. While many business owners and managers would rather outsource anything tech to the IT department and forget about it, staying ahead of trends in cyber security may just save your company’s reputation.
You barely have to wait a day before hearing about some new cyber security breach of a major company, like Equifax (143 million Americans’ data), Uber (57 million users’ data) and Dropbox (details for 68.6 million accounts stolen), or a major government institution like the SEC where the full extent of the damage is still to be determined.
But know this: you don’t have to be big to be hacked. Data shows that in 2016, small businesses were the victim of cyber attacks 61% of the time, a number that was up from 53% in 2015.
So what should you look to lock up better at your company? Here’s a quick rundown:
1. Start small: Passwords.
Implementing a rigorous password protocol might just be the easiest way to slam the door on cyber hackers who try to get into your employees’ email, files, computers, or even thumb drives. You can have your IT department set protocols to expire passwords on a regular basis, and to prevent the use of some of the perennial “worst passwords” that get used, like (believe it or not) “password” or “12345.”
“LastPass recently released a report in conjunction with market research agency Ovum on ‘Closing the Password Security Gap,’” writes Rob Marvin in PC Mag. “The report surveyed 355 IT executives and 550 corporate employees. Among the findings were that 61% of IT execs rely exclusively on employee education to enforce strong passwords. The report also found that four in 10 companies still rely on entirely manual processes to manage user passwords for cloud apps. Kaplan said the biggest problem for businesses is having an ineffective security approach to how employees work nowadays.”
Most password “hacks” aren’t hacks at all; they’re guesses that you’ve picked a password that’s easily figured out, says Kyle Bruckner, Managing Director of Technology at PayneWest.
Some of Bruckner’s tips to make all your passwords secure include:
- Don’t write passwords down on paper. Consider using a program like KeePass (our secure password management software). KeePass securely keeps all of your passwords in one place. The best part is that you only ever have to remember one password! You can call or email the IT Helpdesk for more information or to get started.
- Never share your passwords with anyone. Even IT can’t see your passwords and we want to keep it that way.
- Never include passwords in email messages.
- Never reveal passwords in forms or questionnaires.
Bruckner also has tips for creating passwords that can’t be cracked by even the savviest of hacking software:
- If the password includes the names of your kids, your dog, your birthday, your favorite team, the city of your birth, your kids’ birthdays, your anniversary, etc., it’s not a good password.
- Don’t use the same password for all of your password-protected accounts. If one is hacked, all others are vulnerable.
- Don’t use a password that is similar to an old one as it creates an avenue for compromise.
- Try an acronym from an easy to remember piece of information or a phrase. Substitute numbers, symbols and misspellings for letters or words in an easy to remember phrase. For example, $ could substitute for S, @ could substitute for a, luv could substitute for love, etc.
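For an IT team that wants to enforce the tips above at password-change time instead of relying on employee education alone, here is a minimal screening sketch. It is an added example, not PayneWest's or KeePass's code; the function name, the extra denylist entries, the sample inputs and the 0.75 similarity threshold are all assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample denylist. "password" and "12345" are the two the article
# names; the others are illustrative. A real list would be far longer.
WORST_PASSWORDS = {"password", "12345", "qwerty", "letmein"}


def screen_password(candidate, personal_terms=(), current_password=None,
                    max_similarity=0.75):
    """Return the reasons a candidate breaks the tips above (empty list = passes).

    personal_terms: names, teams, cities, dates tied to the user (hypothetical
    input, e.g. pulled from the HR record).
    current_password: what the user typed into the "old password" field of the
    change form, so no old password has to be stored in readable form.
    """
    reasons = []
    lowered = candidate.lower()

    if lowered in WORST_PASSWORDS:
        reasons.append("on the worst-passwords list")

    # Kids' names, pets, birthdays and so on are the first things guessed.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            reasons.append(f"contains personal detail: {term}")

    if current_password is not None:
        old = current_password.lower()
        if lowered == old:
            reasons.append("same as the current password")
        elif SequenceMatcher(None, lowered, old).ratio() >= max_similarity:
            # Catches "Summer2023!" -> "Summer2024!" style rotations.
            reasons.append("too similar to the current password")

    return reasons


if __name__ == "__main__":
    print(screen_password("Summer2024!", ["Rex", "2015"], "Summer2023!"))
```

The check for reuse across different accounts cannot be done this way, since one system never sees the passwords used on another; a password manager is what makes unique passwords per account practical.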
2. Keep software up-to-date.
All those apps on your employees’ phones and computers need updating to fix bugs, but they also get updated to apply patches to close up holes that cyber criminals might pass through to get into company email, files and more. Encourage employees to keep their personal devices updated, especially if they’re not company issue.
3. Educate employees on their role in security.
You hear all the time about “that one employee” who made a bad judgment call and clicked on a phishing link or lost their laptop in a taxi out of town.
For example, “in 2015, thousands of patients had their personal health data compromised when a former University of Oklahoma physician’s laptop was stolen,” writes Alvaro Hoyos at HRPS. “The university was unable to ascertain the extent of the damage or determine exactly what information was on the employee’s laptop. Exacerbating the problem further, the university was unaware the former employee had taken any patient information with him until after the theft was reported.”
You can and should educate employees on their role in keeping your business safe. From having a secure laptop password and physically protecting electronics like phones and thumb drives to not sharing access with unauthorized personnel or passing personal information over unsecure or unreliable methods like email, you want to keep everyone aware of their role as a gatekeeper to your business.
4. Have a plan and write it down.
Our 2018 Riscovery™ Insights Report concluded that 70% of those surveyed were at least minimally concerned that their company is at risk for a cyber threat or security breach. But out of those surveyed, 62% do not have a written risk management plan in place in the event of a cyber attack.
Make sure your IT department, web developers and any company hosting data outside your business work together to keep ahead of potential threats, keep software and anti-virus programs up-to-date and maintain a clear level of communication with employees so that no one person or group can put the company at risk.
5. Get covered.
Cyber security insurance protects not only your business, but everything that your company touches with its digital footprint, from employee social security numbers to customers’ credit card numbers.
“As you and your company evaluate your risk and exposure to cyberattacks and data theft, remember that there is no avoiding the impact that this new threat has on all businesses of any size,” writes Ryan Bradley at Forbes. “Do not fret, however: There are great resources at your disposal and an army of experienced professionals waiting to lend a hand along the way.”