With all the threats that stand to create problems for businesses today, it can be surprising to hear that some of the most common security risks result directly from your staff and their exposure to technology. It is less surprising to hear that security issues often interrupt the operations of your business and incur significant financial costs.
Here are a few steps that you can take to help your staff to better adhere to IT security best practices.
1. Password Etiquette
Passwords are used everywhere these days, in both personal and professional environments. You should encourage your employees to adopt the following practices to maintain a more secure IT environment.
Differentiate your passwords.
Let’s face it – people take the path of least resistance, which contributes to the unfortunate habit of using the same password for multiple online accounts. The trouble with this habit is that if one account is compromised, every other account that shares the password could be compromised as well.
Make passwords hard to guess.
Another habit that we all tend to gravitate toward is to make a password as memorable as we can. This often means that our passwords usually include something about us that is easy to find out – pet names, birthdays, and other details like that. A password should never be easy to guess.
Give passphrases a try.
Passphrases have grown in popularity recently as an alternative to passwords. They are easier to remember and more secure than the old recommendation of assorted alphanumeric characters.
Use a password manager.
To be fair, remembering a unique password (or even passphrase) for all the accounts that the average person has nowadays is a high expectation and contributes to people reusing passwords across accounts for fear of forgetting them. A password manager is a secure program that both generates and saves passwords for a user, meaning the user only needs to remember the one “master” password that opens the password manager.
2. Safe Browsing
A lot of threats out there are designed to fool a user into opening their network to attack. The adoption of safe browsing habits can avoid a lot of IT security pitfalls.
Look twice at the URL. URLs are shockingly easy to disguise, so a malicious link could very easily appear to be something that you would click with almost no hesitation. Take www.google.com. If you were to click on a link that looked like this, you would expect to be brought to the Google homepage, right? However, that is not always the case. One handy trick to use in this situation is to hover your cursor over a link, but not click on it. This will cause the actual destination of the link to appear at the bottom of your browser window, so you’ll be able to preview it before clicking.
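The hover check above compares what a link shows with where it actually goes. As an added example (not code from the original article), the function below does that comparison programmatically for a list of constructed anchors; the sample link texts, destinations and the `.test` domain are assumptions for illustration.

```javascript
// Added example: flag links whose visible text looks like a web address but whose
// real destination (the href) points at a different host. This is the same
// mismatch that hovering over a link reveals, applied to every link at once.

// Extract a normalised hostname from a full URL or a bare domain such as "www.google.com".
function hostnameOf(text) {
  const s = text.trim();
  try {
    // Bare domains get a scheme so the URL parser accepts them.
    const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(s) ? s : "https://" + s;
    return new URL(withScheme).hostname.toLowerCase().replace(/^www\./, "");
  } catch (_) {
    return null; // not something the URL parser accepts
  }
}

// Compare a link's visible text with its actual href.
// Returns null when the text is not URL-like (nothing to compare),
// otherwise an object saying whether the pair looks suspicious and why.
function checkLink(visibleText, href) {
  const looksLikeAddress = /^[^\s]+\.[^\s]+$/.test(visibleText.trim());
  const shown = hostnameOf(visibleText);
  if (!looksLikeAddress || !shown) return null;
  const actual = hostnameOf(href);
  if (!actual) return { suspicious: true, shown, actual: null, reason: "unparseable href" };
  // The shown host itself, or one of its subdomains, is an honest link.
  const ok = actual === shown || actual.endsWith("." + shown);
  return { suspicious: !ok, shown, actual, reason: ok ? "match" : "text and destination differ" };
}

// Constructed sample anchors, as they might appear in an HTML email.
const sampleLinks = [
  { text: "www.google.com", href: "https://www.google.com/" },
  { text: "www.google.com", href: "http://login.example-not-google.test/" },
  { text: "Click here", href: "http://anything.test/" },
  { text: "mail.google.com", href: "https://mail.google.com/mail/" },
];

// Return only the links whose displayed address disagrees with their destination.
function auditLinks(links) {
  return links
    .map(l => ({ ...l, result: checkLink(l.text, l.href) }))
    .filter(l => l.result && l.result.suspicious);
}

// In a browser the same audit can run over the real anchors on a page:
//   auditLinks([...document.querySelectorAll("a[href]")].map(a => ({ text: a.textContent, href: a.href })))
```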
Business computers should never be business casual. Some threats to your business can hide on websites that will attack when you download materials from them, or even just when you visit them. Therefore, a work device should only be used for work-related tasks, to better minimize this risk.
Leverage Next-Generation Firewalls. Of course, you shouldn’t rely on staff to make the right choice all the time. Even if they apply their best effort to avoid online threats, accidents can happen. As such, you should compound the efforts your team is putting forth with additional protections like a firewall with layers of protections (built-in content filters, deep packet inspection, intrusion detection/prevention, and application control).
Trust the pros. No matter how simple an issue might seem on the surface, it pays to enlist the help of an IT professional for assistance if you need to quickly act on a security breach or you don’t have an on-staff IT security expert of your own to rely on.
3. Prevent Phishing
Phishing is a very effective means for cybercriminals to gain your trust, making it a common precursor to larger threats. Therefore, you and your staff alike need to be able to spot a potential attack and how to avoid it.
Urgency is a warning sign. Think about how emergency signage works: bold fonts, ALL CAPS, alarming colors, and blunt instructions to proceed with some action immediately, all designed to get people to act quickly. Phishing messages use the same tactics to make their targets panic, trigger a fight-or-flight response, and act impulsively without thinking.
Details are wrong. While this is not always the case, phishing messages can sometimes include misspelled words and odd grammatical choices. If you’re reading an email from a staff member and it doesn’t match the tone or writing style that they normally use, it’s most likely not them. Take a few moments and double-check the details before acting on an urgent request.
Check for legitimacy. If you find a message suspicious, and you have a process to double-check it through another means of communication, do so. The inconvenience of a quick phone call to authenticate the sender could prevent some very serious ramifications for your business.
4. Data Security
Depending on your industry, the data you collect and store could potentially be very valuable. A cybercriminal could make anywhere from $40 to $200 per record by selling sets of a person’s name, address, phone number, and credit history on the Dark Web. Bank details are a prime target for thieves. If your business stores that type of information anywhere, you can be certain there are bad actors with the motivation to access it.
Restrict data access. Enforce strong authentication so that your data can only be accessed by the people who are authorized to access it. Two-factor authentication should be implemented to reduce the risk of a data leak.
Update your security. Cybercriminals are always busy devising new methods of undermining your business security, and security developers are always looking for ways to thwart them. So, as patches and updates are released for new and developing threats, you need to make sure that you are implementing them in a timely fashion.
Regulatory compliance. Regulations exist for many industries and are intended to maintain cybersecurity standards. This includes the Payment Card Industry Data Security Standard (PCI DSS) and assorted state and federal privacy laws that have recently been adopted. If you aren’t compliant and it’s required for your industry, you need to fix that immediately.
Back up your data. Whether due to a malicious attack or bad luck, data loss can happen, and it’s one of the worst financial losses that a business could face. Insulate yourself by maintaining a 3-2-1 backup strategy: three copies of your data, on two different types of media, with one copy offsite.
Following these considerations can greatly contribute to the overall security of your business and its operations.