Is your business protected from cyberattacks?
Cybersecurity may seem like an intimidating term and a daunting process. However, protecting your business from breaches should be a top priority, and it’s not as complicated as you may think. A few preventive measures can help keep your office secure from debilitating, costly cyberattacks and spare you more than a few headaches. Here are a few steps you can start taking today.
Protect sensitive data
Restricting the number of people who have access to sensitive information is key to avoiding unnecessary leaks. For both physical and electronic access, consider operating on a “need to know” basis.
- Set up your networks so that only the necessary people are permitted to access certain information.
- Practice a “clean desk” or “put away” policy to ensure that desks are free of sensitive information when employees leave work.
- Limit network access on computers that are in public areas, such as the reception desk.
- When printing, make sure you use the copier’s secure printing feature so that sensitive data can only be printed once you enter a PIN code.
- Be especially careful to keep all printed files containing private information on clients, employees or patients locked away outside office hours.
- Personal information is very sensitive, so make it a policy to automatically destroy information that’s no longer necessary on a routine basis.
- Conduct routine audits to make sure your staff is properly following the security policies.
Physically secure your space
In addition to protecting your electronic network, you should also secure your physical space from intruders. These steps can make the difference between business as usual and the nasty surprise of a security breach.
- Place all confidential information under lock and key.
- Install an alarm system to prevent break-ins.
- If visitors are allowed on the premises, make sure they are carefully identified before entering your workspace.
- Consider extra features such as video surveillance equipment and security patrols to optimize your office protection.
Limit portable technology and Wi-Fi
Laptops and smartphones are very convenient, but they’re also the perfect point of entry into your company’s IT system, especially when connected to Wi-Fi. Keep in mind that off-the-shelf systems rarely provide sufficient protection for sensitive data. The public wireless networks you log into in places such as coffee shops or airports are usually highly hackable. Hackers can easily install malware, intercept unencrypted data or simply steal your log-in credentials and passwords.
Train your staff to:
- Limit the use of personal laptops and smartphones and restrict the transfer of sensitive information to a minimum.
- Never leave portable devices unattended.
- Add a time-out feature that automatically restricts access after a period of inactivity.
- Delete confidential information when it’s no longer needed.
- Protect all confidential information with encryption and a password.
- Try to refrain from using Wi-Fi when it comes to accessing systems that store sensitive personal information.
Only do business with people you trust
Relationships based on trust are the backbone of any good business. Your team and suppliers will have access to some of your software and sensitive documents. Therefore, when you start off a new business relationship with a new stakeholder, verify their backgrounds and make sure they handle confidential information properly – and that you are legally protected in case they don’t.
- Work with a specialized firm to verify your employees’ professional and criminal backgrounds.
- Share the data protection protocol with all employees on a regular basis.
- Make sure that your suppliers respect your company’s specific security measures.
- Verify that you are legally protected if a supplier misuses confidential data, and that the supplier has insurance to cover the necessary remediation.
Protect all hardware and software
In order to prevent loss or mining of sensitive information by worms, Trojan horses or viruses, you should always have the latest version of these security programs installed:
When you want to access your network remotely, the best way to proceed is via a virtual private network (VPN). A VPN uses dynamic passwords generated by VPN tokens and requires two-step authentication, which is essential for secure access. And although you’ve heard it before, it bears repeating: don’t forget that all your passwords should be changed on a regular basis.
Also, make sure you have solid policies in place to dispose of old technology. You should certainly not rely solely on the “trash” or “delete” button on any device. The foolproof solution is to physically destroy the devices, especially the memory cards.
Backup, backup, backup
We cannot stress enough how important it is to always back up your files and software. This is your life jacket if you ever find yourself in the deep water of a cyberattack. And of course, your backup copies are vitally important if you accidentally delete a critical file or experience a hard-drive failure.
All data should be backed up using a formal protocol. You should have a recovery system in place so that a cyberattack cannot destroy your personal and confidential data. Always remember to create more than two backup copies. They should be physically disconnected from your computer when the backup is complete.
When it comes to cybersecurity, you’re always better safe than sorry. Following secure procedures at every step to maintain a secure business environment is a small price to pay compared with the headaches and costs of cyberattacks and ransomware.
If you’d like to know more about protecting your business from cyberattacks, contact your broker.