For extra security, make sure to always turn on Multi-Factor Authentication (MFA), which requires an additional step for verification. For extra, extra security, try a Zero Trust strategy, which requires re-authentication for all sensitive data.
This is Just the Beginning…
Like so many aspects of the digital world, your cyber security tasks and approaches will change dynamically as you find out new information and as cybercriminals develop new tactics. These tips are meant to help you build a solid cyber security foundation for your company, but you’ll want to keep adjusting to defend against all the latest threats year after year.
- Focus on cloud security
It can be tempting to share passwords so you can limit the number of licenses you need for a cloud service, but each shared password opens your company to cyber security risks. Considering how much costs add up if you become the victim of a cyberattack, it’s probably worth it to pay that extra money for additional cloud licenses.
- Get rid of old data
In the past, entire rooms were dedicated to shared file cabinets and the only time anyone would clear out old files is when overstuffed file drawers couldn’t fit any more paper. Now that we’re all going paperless, it’s harder to tell when those digital “file drawers” are overstuffed – which gives cyber thieves a lot more they can steal.
- Perform regular backups (for cloud data too!)
Anything can happen: lightning storms, power outages, ransomware attacks, “oops” moments. If your files suddenly vanished, how much irrecoverable time would it take for you to restore all your financial info, contact records, calendar appointments, and contracts? If you regularly back up your local and cloud data, the answer would be “about 15 minutes.” (Maybe a few hours, if the problem is ransomware.)
- Be careful with data permissions
A cybercriminal’s favorite trick is to convince your employees to willingly hand over their passwords. Why? Because then the criminals don’t have to worry about all those cyber security risk management tactics you put in place – they just have the same access one of your employees does. Make sure there’s no one employee with access to 100% of all your systems and records just in case the cybercriminal manages to get hold of their password.
- Use strong passwords and MFA
One of the best ways to keep cyber thieves from figuring out employee passwords is to use bizarre, hard-to-remember passwords. As a quick tip: “MyCompany123” is not a secure password, but “Y7u8$bnGaQ1m>0” is. Since it’s also best practice to use a unique password for every application, this adds up to a lot of impossible-to-remember passwords. To help generate and use strong passwords, we suggest using a password manager like 1Password.
- Keep a close watch on your network activity
It’s 11 AM. Do you know what’s happening in your network right now? Most business leaders don’t, and that’s completely understandable. After all, you have to know what’s going on with the business and top customers right now – who has time for paying attention to a network?! Cybercriminals know you’re too busy to watch for them, so make sure you have automated tools or actual people scanning for anomalous network activity at all times.
- Train your staff to avoid phishing attacks
The best way to prevent a cybercriminal from harvesting your employees’ passwords is to train your staff to avoid phishing attacks. Fortunately, there’s a great way to do this: KnowBe4. This is a computer training program that teaches you and your employees how to identify red flags that may indicate phishing attacks, but it doesn’t stop there. KnowBe4 also sends out constant reminder “tests” in the form of simulated phishing emails to keep your office on its toes. This is, hands down, one of the best ways to reduce cyber security risks for businesses.
- Tie up loose ends like open access ports
To exchange data over a network or the internet, you must open ports – kind of like opening a window to let in the fresh air. Some access ports need to be open all the time, to allow emails to send for example, but some of them should be closed when not in use. Just like that window, bad stuff like thieves and bugs can get in if you leave your access ports open all the time. The more devices and networks you use (i.e. the more WFH “offices” and IoT devices you have) the more ports you have open. Find them. Close them.
- Offboard employees properly
Hanna’s great, but does she still need to have all the passwords to your cloud accounts two years after she’s quit? It can be hard to remember to change all the passwords on your accounts when you’re scrambling to fill a vacated position, but the more people who know your passwords the more security risks you have. Plus, you shouldn’t be paying for Hanna’s cloud account anyway now that she’s gone – and you listened to us on Tip #1 and didn’t share passwords, right?
- Limit IoT access on your office network
For some weird reason, manufacturers think we all want all our stuff to connect to the internet these days. Smartphones are one thing, but smart washing machines and smart kitchen appliances seem unnecessary. Remember: every connection to your internet or network creates an open access port – and IoT devices tend to have a lot of access ports for some reason. To be safe, make sure those smart kitchen appliances can’t connect to your office network because they’ll provide an open window into your company data.
- Hide your Wi-Fi router
If someone pulls up in your office parking lot, can they scan for Wi-Fi and find your router? Obviously, you’ve password-protected that router so they can’t just log in and use free Wi-Fi, but wouldn’t it be better if they didn’t know your router’s name or whereabouts at all? (Spoiler: yeah, it would be better.)
- Stay up to date with cyber security news
Things change fast in the cyber security risk landscape. Things also change fast in your industry. To keep up with all the changes in your industry, you probably read a trade magazine like Engineering Weekly. (We don’t know if that’s a thing, but it should be.) To keep up with all the changes in the cyber security threat landscape, it’s a good idea to read security-focused blogs like Krebs on Security, FireEye, KnowBe4, Dark Reading, or CSO Magazine. For an easier read, try our blog!
- Apply patches immediately
As we said, things move fast. Every day there are new cyber security risks for businesses. Depending on the severity of these risks, that means you could have patches and updates to install on all your devices every single day. Here at Interplay, our IT security experts frequently install updates on clients’ computers… and then install even newer updates the very next day. The point is that no matter how often those patches are released, you cannot fall behind.
- Set up remote wipe for mobile devices
Mobile devices are, you know, mobile and stuff, so you and your staff could be using phones, tablets, and laptops at a coffee shop, in an airport, at a bar, or on the ferry. This means you could also mistakenly lose those devices in all those locations. If you lose your device, or if it’s stolen, Mobile Device Management tools will help you remotely wipe all the data from the device, so at least the finder/thief doesn’t get access to a smartphone and your clients’ business checking account numbers.
- Avoid public Wi-Fi
As they say, “there’s no such thing as a free lunch.” There’s also no such thing as free Wi-Fi. The dangers of free Wi-Fi are pretty well known by now… but, nevertheless, there are times when you have no choice but to log in using an unsecured internet connection. When you find yourself in these situations, make sure to protect your company data as much as you can.
Fortunately, you have help. For those of you that have partnered with Altrafix Projects Ltd, we’d like to introduce you to the friendliest, most fun, and most supportive and nice team of IT experts you’ve ever met.