In this article, we discuss ten best cybersecurity procedures for businesses.
#1 Establish a Cybersecurity Policy
Approximately 40% of businesses do not have a dedicated cybersecurity policy. In turn, this leaves them unnecessarily vulnerable to data breaches. A formal policy should be written so that each employee fully understands proper cybersecurity procedures and responsibilities.
Your personnel are both your first line of defense and your greatest point of vulnerability. Be sure to equip them with the information they need to maintain a secure environment.
#2 Train and Retrain
Cybercrime is a constantly evolving threat. It’s important to train every new employee on cybersecurity procedures. It is equally important to hold annual or semiannual retraining sessions to ensure that every employee is up to speed on current best practices.
The training should include procedures for quickly escalating concerns if they
- inadvertently click on something suspicious or
- feel something is amiss.
#3 Use Strong and Unique Passwords
According to a survey by Virginia Tech, 52% of users have the same or similar passwords across multiple accounts. Therefore, if any one of their accounts is breached, all of their accounts could be vulnerable.
To avoid this risk, insist that all employees use complex, lengthy and unique passwords for each work account. Consider using a password manager to create these passwords and store them in a cryptographically sound way.
#4 Enable Multifactor Authentication
Accounts protected by multifactor authentication require you to provide something other than your username and password to gain access. This is usually a registered, trusted device, fingerprint scan, or security key. You should utilize multifactor authentication whenever available, particularly to protect access to your high-consequence systems.
#5 Use Email Cautiously
Ninety-two percent of all malware is delivered via email. For example, suppose an employee inadvertently clicks on a link or opens an attached spreadsheet. In this case, that employee could unwittingly download malware onto your network. You should also be on alert for business email compromise (BEC) attacks.
These schemes involve fraudulent impersonations of an executive or client that are designed to get a target to send money or sensitive information.
Never reflexively trust an email you receive. Instead, always rely on multiple methods beyond email to confirm the sender’s identity and intent before engaging, and never transmit sensitive information via unsecured email or text.
#6 Use an Antivirus Product
Regularly run a reputable antivirus product on all personal computers and laptops used for business activities. This will protect devices from future malware invasions and clean up any existing infection.
#7 Keep Your Software Up to Date
Software companies typically include security upgrades in every update they release. Installing those updates immediately will help protect your devices. To simplify this process, turn on automatic updates where available.
#8 Use Extra Caution Outside the Office
Accessing information from a remote location poses a unique set of cyberrisks and challenges. Therefore, public Wi-Fi hot spots should be avoided in favor of creating a personal hot spot with your phone and connecting through an end-to-end encrypted channel (LTE).
You should also use a virtual private network (VPN) for an additional layer of protection. Never leave your devices unattended, and refrain from using public computers or publicly available charging cords or USB ports.
#9 Don't Overshare Online
Cybercriminals routinely exploit social media channels for fraud schemes, blackmail attempts, and other crimes. So be sure to limit how much you share on social media and be careful when you share it. Posting pictures while on vacation, for example, lets the world know that your house is empty.
You should also lock down the privacy settings on your accounts and only give applications the permissions they really need. For example, granting access to your photos, location, camera, contacts, etc., makes your data and personal information available to the application owner.
This should be one of the crucial elements of your cybersecurity procedures.
#10 Enlist an Expert
If you lack the expertise within your business, consider engaging the services of a cybersecurity expert. This professional can:
- Conduct a vulnerability assessment,
- Educate your staff and clients,
- Evaluate your vendors, and
- Advise on encryption tools, cyber insurance, document storage, network monitoring, and more.
Sources: Forbes Magazine. Available at this link.
Morgan Stanley Single Family Office Symposium conference polling data