In the wake of Russia’s attack on Ukraine, cybersecurity concerns are increasing for businesses of all kinds and sizes around the United States. Here are some important things to keep in mind as you consider cybersecurity in this day and age.
Know the Basics
For new and established businesses alike, there is a lot to plan for — payroll, employee training, inventory management, taxes, and more. However, it is important to keep cybersecurity at the forefront of all operations from the very get-go.
If you don’t, you could be making your business vulnerable at a time when you are trying to focus on strengthening and building your client base and revenue. The sooner you have a strong cybersecurity system in place, the safer your business will be.
Jessica Murray, IT account manager for Lutz Tech, said that companies need to be on high alert.
“Hackers aren’t using new tactics, but they are being more aggressive with the old ways. Stay diligent and informed,” she said.
Denise Mainquist, ITPAC Consulting president, added that cybersecurity attacks are on the rise, especially in the health care sector.
“But other types of businesses need to be alert to cyberattacks as well,” she said. “Phishing attacks and ransomware can have huge impacts, even if the business isn’t regulated or doesn’t think it has valuable information. Compromises of employee information, account credentials and financial account information can open a business up to fraud and losses that can be very expensive.”
Know What You Need
Investing in the right security, therefore, is crucial, even if your company is on a shoestring budget.
“The cheapest and easiest place to start is with passwords and accounts,” Murray said.
She recommends asking these questions of your team:
- Does your password policy include a minimum length of 12 characters? Does it require numbers, letters, and/or special characters?
- Is multifactor authentication (MFA) turned on wherever possible?
- Next, what is your backup strategy? Can you recover from a cyberattack? Do you have local backups in-house and offsite backups that are in a different geographic location?
Another initial step to consider — and one that often gets overlooked — is keeping all software up to date.
Desktops, tablets, laptops, phones, and other devices that your business regularly uses need to be updated on a regular basis. In other words, don’t ignore prompts to upgrade your software programs.
Updating your computer or other devices does require you to block off your schedule for a bit, but it is not a waste of time. Many times, the updates to your computer or software programs are security upgrades that provide patches.
So, if a flaw or a new security threat comes to light, the upgrade will help solve that problem and keep your company data secure.
If you ignore the update or keep selecting the ‘remind me later’ function, your software — and all the sensitive information that you have stored — could be exposed.
Don Pecha, senior director of information security for FNTS, explained, “Companies need to first ensure they have a way to search for and document every technical asset on their network in real-time. This means they can ensure every device attached to their network can be identified, scanned, and hardened against attacks.
“Once organizations have a full inventory of those devices, software, and applications, they need to ensure continuous cycles of vulnerability scanning to ensure all devices and applications are patched. Patching work is where more resources need to be focused. Today’s dynamic environments continually need patching and hardening. It’s recommended that organizations have someone review firewalls to ensure they are patched and that rules still match business objectives.”
Securing Wi-Fi networks is also a key line of defense against unwanted scams or hacks. If you use Wi-Fi for your business, make sure it is secure, encrypted, and that the company’s name is hidden. Also, password-protect access to the router.
It is also recommended that employees or business owners don’t use the same devices for business as they do in the home. So, if you have a work laptop, use it only for work. Storing business information on a device that could be shared with family, friends, or roommates could leave your company’s information at risk.
Last, back up your data as often as possible. Depending on your type of business, you may want to back up data every evening at the close of business. At the very minimum, you should back up data once a week.
Make it a rule to not store everything on just one device, either. If the device is hacked or you are locked out, you could lose everything. So, invest in external drives and consider keeping hard copies of records as well.
Invest in Education
All staff members should be trained in basic cybersecurity skills. In addition, it is important to ensure you have a clear cybersecurity protocol outlined and written down. Plan for the worst-case scenario and create policies and procedures that give you a response strategy that is dynamic and effective.
All practices need to be kept impermeable and employees should have a clear understanding of what they are. Make certain everyone knows company expectations and invest in regular training — either with an on-staff information technology specialist or with a cybersecurity consultant. This is a worthwhile investment that could be a valuable way to implement strategies and knowledge that deter hackers and cyberattacks.
Murray said, “Companies need to ask their IT teams a few questions. Is there end-of-life hardware, software, or operating systems on the network? Have your employees had a refresher course on cybersecurity? What [do they need to] look for and what to do if they notice something? Is multifactor authentication deployed to email and other applications that allow it?”
When it comes to cyber protection, there is a lot to consider. That’s why taking the time on a monthly or bi-monthly basis to ensure everything is functioning as it should is critical to ensuring the long-term protection of your company’s most sensitive information.
As hackers get more creative and as technology continues to advance and change, it is important to remember that what once worked for your security efforts may not suffice later down the road.
Therefore, it is essential to frequently review your security safeguards and confirm they are strong enough. This is especially true if your company offers employees a remote or hybrid work option.
“Multifactor authentication (MFA) for all remote access is considered a baseline standard,” Mainquist said. “Companies sometimes feel that implementing multifactor makes it difficult to access systems remotely, but by not implementing MFA there is a huge risk of credentials getting skimmed and a malicious actor getting into your information.”
Using a virtual private network (VPN) is also a good way to mitigate the effects of online attacks. A VPN allows employees to access the business network while working from home, and it does so safely by encrypting the data.
“VPNs or secure connections are necessary in addition to MFA,” Mainquist said.
Above all, remember that information security is something that is always evolving.
Technology changes and hackers adapt with it. That means you and your business must learn to adapt, continually evaluating whether all your processes remain effective.
There isn’t a one-size-fits-all way of protecting you or your business from attacks online, but there are a lot of ways you can be proactive about preventing them.
Outsourcing cyber monitoring and protection to a trusted source is an affordable way to set up a line of defense for your business.
“I cannot stress enough — employees are the first line of defense,” Pecha said. “Traditional attacks still focus on the human desire to be helpful. Provide company training on email security, run phishing simulations, and educate employees to support them. Ensure company budgets include funding to help technical teams continually learn and grow. These are good business investments to make as threats become more pervasive.”