Are you relying more today on technology to keep your business running or growing? In a work-at-home world, many businesses are experiencing a substantial increase in remote communication, such as the use of Zoom Meetings, increases in email, text, or other electronic communications.
Larger companies who require or rely on outsourcing software development may be facing financial pressures in a bad economy to try and save money by pushing software development offshore.
The current business environment is full of economic pressures and changes. These economic stressors are impacting your employees, management, and even the technology infrastructure your company is relying on. Systems with limited use are often now being stressed or used in different ways than originally intended. Whether it is the stressed employee or the mailbox with twice as many emails or an infrastructure that hasn’t been updated to address increased demand, businesses today face mounting risks of cyber attacks in a variety of forms.
The same is true for consultants or others working for you outside of your normal workforce. The problems with cybersecurity exist everywhere. If your consultants are in another country, you now are facing different laws (or no law) governing responsibility and standards of practice.
With all of these stresses, there is vulnerability. And when vulnerability increases, cyber villains see opportunity. This means that at a time when your system is stressed the most, there is also a greater number of attacks happening as a result of the target-rich environment caused by the system stress.
How You Can Cover the Basics
Many businesspeople are intimidated when it comes to cybersecurity, seeing it as either too complex or too hopeless. The response too often is to ignore the problem and hope nothing happens. That isn’t a strategy. It isn’t a plan and it isn’t responsible.
The good news is that an awful lot can be done just by covering the basics. So, what should you do to improve your cybersecurity environment? Instead of ignoring the problem, start by paying attention to the basics. Here’s what you can be doing:
1. Secure your files. Back up important files offline, on an external hard drive, or in the cloud. Those with paper files need to make certain paper files are secure as well. There is a tendency with all of the focus on technology to lose sight of older information that contains a lot of personal, confidential data.
2. Require Passwords and Update Password Policies. Every company laptop and any laptop handling any company business should have a password. This applies to tablets and smartphones as well. You should also have a policy prohibiting these devices from being left unattended in public places.
3. Update your software. Because cybersecurity is a concern across the board, app and software developers often build greater security into new releases. That means by updating software and applications, you often get the benefit of increased security. While some apps/software updates automatically, you should set up automatic updates on any other programs.
4. Encrypt your devices. Any devices that might contain sensitive personal information (laptops, computers, tablets, smartphones, cloud storage solutions, backup systems) should have encryption technology in place. If not, you should replace any devices that are not capable of handling encrypted data.
5. Use Multi-factor Authentication. Sometimes this seems like a hassle to many, but multi-factor authentication systems are getting easier to implement and adopt. When those settings are available, your company policy should require that they be implemented.
On the Network side, you should definitely:
1. Secure your router. Again, a couple of little things can be very helpful. You can change the default name and password for the Router; turn off remote management features and be sure to log out as the administrator once the reconfiguration/setup is complete.
2. Use at least WPA2 Encryption. An encryption process protects information sent over your network so it can’t be read by outsiders. Does your Router offer WPA2 or WPA3 encryption? Is it turned on (you’d be surprised how often this happens)?
Make Cybersecurity Part of the Culture
Lastly, but probably most important, make sure cybersecurity is part of the culture of your company. We recommend requiring three fundamental steps that will help make cybersecurity part of your company culture. They are:
1. Train all of your staff. The fastest way to impact your company culture on cybersecurity is to be certain that everyone is trained. Training does not have to be complicated or stressful. Often, something as simple as having conversations about email safety and standards can go along way toward keeping your staff thinking about security. Keep the training updated regularly. There are tests and challenges that you can send out that not only identify weaknesses but become training tools that also keep people thinking about the issue. The benefit comes from more than the training. The training itself keeps people thinking about the issue and talking about it more. Those are the activities that help make security part of your company culture.
2. Require Strong Passwords. Ideally, the passwords should be 12 characters or more with a mix of numbers, symbols, capital, and lower case letters. Your password policy should not allow passwords to be reused and should prohibit your employees from sharing passwords on the phone, in texts, or by email. Additionally, you should limit the number of unsuccessful log-in attempts to limit the number of password-guessing hacks.
3. Have a plan in place for saving data, running your business, and notifying your customers if you do experience a breach. The FTC has published a guide: Data Breach Response; A Guide for Business that lays out the steps you should take. You can find it at FTC.gov/databreach.
You should keep in mind that this information is just covering basics and is not a sophisticated plan. Once you’ve taken care of the basics, and you should do that right away, it is always a best practice to get an analysis of your cybersecurity needs by a trained professional. In these unusual times with people, resources and infrastructure are causing and experiencing strains never before seen, your company’s vulnerability is probably at an all-time high.
Start by doing the little things.
Wayne Hippo is an owner and Managing Partner of PS Solutions, a software development and consulting firm with offices in Altoona, PA, Pittsburgh, PA, and Wilmington, NC.
You can reach Wayne at firstname.lastname@example.org