10 Ways to Adopt the Best Security Practices at Your Company

Think about your business.

Even if you have a small business (as opposed to a large enterprise), you could still be targeted by hackers. Is your sensitive data totally secure? If it’s not, it’s time to step up your game. Take a look at the headlines below to see why you should be so concerned about it.

It is a well-known fact that hackers are multiplying in numbers. In this edition we discuss 10 ways to adopt the best cybersecurity practices at your company.

1. Creating a risk-based approach to Cybersecurity: The best approach is one that involves reverse engineering based on risk analysis. Too many companies put a lot of focus on compliance (checking off boxes), and they don’t realize that they are keeping their data unprotected. Instead, it’s best to do a risk assessment. You can identify your assets and liabilities, and look at your current security, and then figure out your threats.
2. Create a cybersecurity policy: Creating a written Cybersecurity policy is important as it serves as a guide for best practices. Of course, it also ensures that everyone at your company is on the same page. A good company-wide security policy is great, but you also might want to allow each department to create their own based on their individual needs.
3. Keep all software updated: You want to make sure that all of your software is always updated and upgraded. New malware is coming out all of the time, and updates help to protect your network and your machines.
4. Back up all and encrypt sensitive data: You want to make sure that you are backing up all of your data both onsite and in the cloud. Additionally, all sensitive and personally identifiable information is encrypted. Though these two are basic security measures, they are very important. A lot of ransomware is designed to take your data hostage, and as you can imagine, that would be devastating to a company like UberEats.
5. Only give needs based access to systems: Many companies, especially small businesses, tend to give all employees access to everything. This, however could be a huge mistake. The probability of something going wrong in a network is directly proportional to the number of people accessing it. So, it’s best to give people only the access that they require to do their jobs.
6. Always require Two-Factor Authentication: One of the best ways to protect your staff’s accounts is to use two-factor authentication. With this, in order to get into an account, not only does your employee have to put in a password and user name, but they also have to use a secondary way, such as a code that is texted to their mobile number.
7. Keep passwords secure and updated: Speaking of passwords you also want to make sure that your are keeping all of your company passwords secure, and you should teach your staff the same. The most secure passwords are those that contain both upper and lower case letters, numbers, and symbols and consider a password manager. Another point to make with passwords has to do with those devices that are part of the Internet of things, or IoT. These include any device that connects to the internet from your printers and phones to your lights and yes, even sometimes your car. All of these items have default passwords. Do your research and figure out how to change them to keep your information safe. Last, but not least, monitor the dark web for leaked credentials (checkout our video on dark web monitoring).
8. Know who is accessing your sensitive data: Many companies allow third-parties to work with them remotely. Nothing is inherently wrong with this…until disaster strikes. Just like those rogue employees can wreak havoc on your network, so can rogue employees of third-parties that have access to your information.
9. Watch out for phishing: It is also very important to know how to avoid phishing attacks. One way to do this is to use strong spam filters. You also want to tell them to never click on a link in their email, even if they think it’s legitimate, or to call the sender first. Additionally, make sure they do not haphazardly give information about the company out via email or phone. However, the most effective way to train your employees is to randomly conduct phishing simulations (checkout our phishing simulation service offering) .
10. Raise staff’s awareness: Make sure employees understand and follow firm’s cybersecurity policy, and engage in phishing simulation training. Finally, make sure that employees are regularly trained via computer-based learning. Even if you have the best cybersecurity policies in place, if your employees are not aware of them and following them, you are fighting a losing battle.