1 - Establish a Cybersecurity Policy
Approximately 40% of businesses do not have a dedicated cybersecurity policy in place, leaving them unnecessarily vulnerable to data breaches. A formal policy should be written so that each employee fully understands proper cybersecurity procedures and responsibilities. Your personnel are both your first line of defense and your greatest point of vulnerability. Be sure to equip them with the information they need to maintain a secure environment.
2 - Train and Retrain
Cybercrime is a constantly evolving threat. It’s important to train every new employee on cybersecurity procedures. It is equally important to hold annual or semiannual retraining sessions to ensure that every employee is up to speed on current best practices. The training should include procedures for quickly escalating concerns when an employee inadvertently clicks on something suspicious, or simply has a feeling that something is amiss.
3 - Use Strong and Unique Passwords
According to a survey by Virginia Tech, 52% of users have the same or similar passwords across multiple accounts. If any one of their accounts is breached, all of their accounts could be vulnerable. To avoid this risk, insist that all employees use complex, lengthy and unique passwords for each work account. Consider using a password manager to create these passwords and store them in a cryptographically sound way.
4 - Enable Multifactor Authentication
Accounts protected by multifactor authentication require you to provide something other than your username and password to gain access, usually a registered trusted device, fingerprint scan or security key. You should utilize multifactor authentication whenever available, but particularly to protect access to your high-consequence systems.
5 - Use Email Cautiously
Ninety-two percent of all malware is delivered via email. If an employee clicks on a link or opens an attached spreadsheet inadvertently, that employee could unwittingly download malware onto your network. You should also be on alert for business email compromise (BEC) attacks. These schemes involve fraudulent impersonations of an executive or client that are designed to get a target to send money or sensitive information. Never reflexively trust an email you receive. Always rely on multiple methods beyond email to confirm the sender’s identity and intent before engaging, and never transmit sensitive information via unsecured email or text.
6 - Use an Antivirus Product
Regularly run a reputable antivirus product on all personal computers and laptops used for business activities. This will protect devices from future malware invasions and clean up any existing infection.
7 - Keep Your Software Up to Date
Software companies typically include security upgrades in every update they release. Installing those updates immediately will help protect your devices. To simplify this process, turn on automatic updates where available.
8 - Use Extra Caution Outside the Office
Accessing information from a remote location poses a unique set of cyber-risks and challenges. Public Wi-Fi hot spots should be avoided in favor of creating a personal hot spot with your phone and connecting through its encrypted cellular (LTE) channel. You should also use a virtual private network (VPN) for an additional layer of protection. Never leave your devices unattended, and refrain from using public computers or publicly available charging cords or USB ports.
9 - Don’t Overshare Online
Social media channels are routinely exploited by cybercriminals for fraud schemes, blackmail attempts and other crimes. Be sure to limit how much you share on social media and be careful when you share it. Posting pictures while on vacation, for example, lets the world know that your house is empty. You should also lock down the privacy settings on your accounts and only give applications the permissions they really need. Granting access to your photos, location, camera, contacts, etc., makes your data and personal information available to the application owner.
10 - Enlist an Expert
If you lack the expertise within your business, consider engaging the services of a cybersecurity expert. A cybersecurity expert can conduct a vulnerability assessment; educate your staff and clients; evaluate your vendors; and advise on encryption tools, cyber insurance, document storage, network monitoring and more.
Sources:
Forbes Magazine. Available at: https://www.forbes.com/sites/francoisbotha/2018/11/10/why-family-offices-need-to-prioritize-cyber-security/#7273eb2c601a
Morgan Stanley Single Family Office Symposium conference polling data.