October is cybersecurity month–and that makes it the perfect time to improve your cybersecurity measures and protect both your employees and your business as much as possible. Cyberattacks have been on the rise over the past couple of years. More people than ever have found themselves impacted by those attacks, either because it has hit their business or because they have been affected by the shutdowns and disruptions caused by those attacks. Is your business protected? Follow these steps to help improve safety and security throughout your business.
1. Set up training for your employees.
Did you know that as many as 88% of cyberattacks are a direct result of employee error? Most employees do not have malicious intent when they open the doors to a hacker. They may, for example, simply click on the wrong link in an email or provide the wrong information during a phishing scam. Nevertheless, the impact of those attacks can be felt throughout the organization. Make sure your employees have the right training to:
- Protect themselves and the company online.
- Identify potential scams and avoid them.
- Create solid passwords and utilize other strategies that can help protect your data.
- Use the right measures to ensure physical asset protection.
- Notify the right people and take the right actions in the event of a potential breach.
October is a great month to set up that training, since it serves as an annual reminder of the steps you need to take to protect your business.
2. Institute effective password requirements.
Many organizations are still stuck back on the advice to have employees change their passwords regularly. Regular password changes, however, may actually decrease your employees’ overall password security, since they’ll be more likely to use simple passwords that are easy to remember. Instead, try some of these password policies and requirements.
- Ask employees not to use the same password for multiple applications. Ideally, there should be unique access information for any application that contains secure data.
- Consider using multifactor authentication to help employees better protect their accounts, especially those that may deal with sensitive information.
- Use password managers so that employees can use more secure passwords without having to remember complex strings of letters and numbers.
- Do not use dictionary words, names, or other common references as part of a password.
With these simple strategies, you can often improve overall security throughout your organization and make it easier to protect your data integrity.
3. Schedule your annual testing.
In many industries, an annual pentest is part of your compliance requirements. A penetration test can help identify PCI, HIPAA, or other industry-specific violations. If you haven’t put yours on the schedule, October could be a great time to step up and make sure that you’re ready to protect your business.
As you’re scheduling your pentest for this year, however, keep something else in mind: it’s not compliance that you have to worry about. Compliance standards in many industries lag far behind the actual current standards when it comes to malware. New exploits come out every day, including exploits that have the potential to bring down your network. This year, commit to going beyond compliance and closing some of those more dangerous holes.
4. Take care of any needed updates in your software or systems.
Updates and patches get pushed out for many of the programs, apps, and platforms that you use on a regular basis. Some organizations, however, do not install those as soon as they come out, especially if they have other demands on the IT team’s time. If your system has gotten behind on its updates, however, you may have glaring security holes that could pose a challenge to your security. As you prepare for cybersecurity month, make sure you take the time to handle those patches and updates so that you have the best protections possible in place for your system.
5. Create policies for your physical security.
Whether your organization has a Bring Your Own Device policy that encourages employees to bring their own phones or you need to worry about laptops that frequently leave company grounds, it’s important to have a policy in place that governs physical security. Your devices could be all the information a hacker needs to make its way into your system. Your physical security factors policies may include things like:
- Never leaving devices unattended outside the office
- Protecting devices with strong passwords
- Locking devices when users leave their desks in the office
- Reporting lost or stolen devices promptly
Make sure your employees fully understand those physical security requirements and the potential dangers associated with them.
6. Test your continuity plan.
Does your business have a continuity plan or disaster recovery plan that will help keep you up and running in the event of a cyberattack or natural disaster? October is a great time to test that plan. Make sure you can restore your business from your backups and that you have all the data you need. Test how much data you have the potential to lose in a disaster: for example, what would it do to your business to lose an entire day’s worth of data? Can you afford those losses? This month, make sure your business is prepared for potential disasters, from ransomware to natural disasters.
7. Check your remote worker security plan.
Many businesses still have workers at home or working on a hybrid model, where they only come into the office part of the time. Those workers may pose unintentional threats to your organization’s cybersecurity, including:
- Poor network security
- Vulnerable machines in the home
- Little awareness of overall security measures
- Private devices used for work purposes
Make sure that your remote worker security plan has been updated for 2021 and that those workers are also protected.
Are you ready to celebrate Cybersecurity Awareness Month, including increasing your organization’s overall awareness of potential security issues? Do you have questions about your organization’s security and the measures that could help protect it? Contact us today to learn more about our cybersecurity services.
