How Can I Improve Cybersecurity?
Cybersecurity is not something you should review every now and then. It should be a regular part of your IT planning and review, as well as your business’s strategic plan. It’s not a matter of if you have a security incident, but when and how damaging it will be. It can seem like there’s never enough you can do to protect or prevent hacking from happening. How do you know if what you’ve done is enough?
There are several basic steps that can be taken to protect your business which involves best practices most already know:
- Have an up-to-date firewall with an active security subscription. Firewalls are your first line of defense. They protect all the IPs that flow in and out of your network. Most good firewall manufacturers have subscription-based services that can extend past the basics. These can prevent network breaches, so it’s a good practice to take advantage of those services.
- Patch, patch, and patch some more. You probably know this and already automate the Windows updates and anti-virus applications you use. But are you patching applications like Java, Adobe, Chrome, Firefox, and others? This is often overlooked by many IT departments-so ask and ensure there’s a practice in place to automate this.
- Change your passwords. This is the most overlooked and arguably the most tedious task for employees to perform. But consider the number of breaches that have occurred in the past couple years and the poor practices for changing passwords. It’s easy for unauthorized users to guess passwords and even easier to run specialized software to gain access.
While these may be the basics, it’s still common to find networks where even this level of cybersecurity is missing. When businesses fail to adhere to even the simplest of tactics, they become the low-hanging fruit for hackers. Similar to making sure your car is in working order, simple maintenance can have a big impact on the protection of your network.
What More Can You Do?
The most crucial practice is simply awareness. Hackers and cybercriminals are getting smarter. They’re trolling our LinkedIn and Facebook profiles to find out whom to contact. Hackers have taken millions of dollars from businesses in the Twin Cities. Unfortunately, there is little authorities can do to go after those responsible for the theft.
Consider what happened to a local business last February. hackers impersonated the CEO and instructed someone on the finance team to wire $50 million in transactions. IT can put all kinds of protection in place to prevent breaches, but, we’re all susceptible to ‘spoofing’ or ‘phishing’. This act of theft is similar to making a prank phone call, only it’s via email and can be more sophisticated. If your business is aware, these scams can be prevented.
Employees As Advocates
Helping employees understand their role in managing security is a critical part of your practice. Employees need to know how they can affect the protection of your intellectual property. When the topic of cybersecurity is covered during company meetings it provides an opportunity for staff to become more aware of the threats.
Cybersecurity is an engaging topic because we’ve all experienced a cyberattack some capacity, and we want to know how to protect ourselves. Providing a forum for your employees to discuss cybersecurity allows your staff to express their concerns and collaborate on ideas for managing IT in general. These forums can also shed light on one of the biggest risks in managing security, becoming desensitized. Many businesses are complacent after so many reported attacks. They think they have done what they can, and move on. Many businesses only develop proactive cybersecurity after an event has occurred.
Remember, security is not something you review every now and then. It should be a regular and ongoing part of your IT planning and review, and your business’ strategic plan. Why invest all your time and efforts in planning how to grow your business only to see those plans foiled by a potentially preventable breach? Talk about cyber security with your management team, review your strategy with your IT department, and invest in an awareness campaign with your staff.
Brent Morris is Vice President at SUCCESS Computer Consulting. He helps advise organizations on strategic IT initiatives and provides expert technical support for small and medium-sized business networks in the Greater Twin Cities area. Brent has worked in the industry for over fifteen years and can be seen frequently speaking to businesses on topics including security, cloud, and Microsoft solutions. If you have any other quesions about how to improve cybersecurity, contact SUCCESS Computer Consulting at 763-593-3000