Updated: Dec 1, 2020
By Tony Snow
Over the past few articles, I have written about the importance of protecting your business’ digital assets. However, when it comes to actually implementing security systems and processes, many struggle to know where to begin.
It doesn’t matter how big or small your business is – if the data that is held within it is of interest to unsavoury characters, then your business could be at risk.
Here we offer five simple tips (in no particular order) and explain how they can help your business stay one step ahead of the cyber beasties.
Manage and install software updates. Patches add new features to software, but also they often fix security vulnerabilities.
Ensure that you have a process and system to backup key data. Have a backup of key data including email, so that if any malicious attacks occur, a backup can be restored. Having files and data on the cloud is NOT a backup. It is a place to store them, but does not necessarily offer a backup service. Meaning if your data gets compromised – you still may not be able to return to operation or get it back.
Implement multi-factor authentication (MFA or 2FA) across your systems. With privacy and customer information access and security becoming a legal requirement, anyone who logs in to your system will need to provide something else on top of their username and password, to verify that they are who they say they are.
Implement security awareness training for users and team. Train your staff to know what to look out for. Make sure they understand what to do in certain circumstances. Have a plan and disaster recovery options, which should include a privacy statement. And make sure that your organisation has a privacy officer as part of the new legislation.
Secure your network. Consider and think about the connections both going in and going out of your business network when you start thinking about how to secure it. Install antivirus and key technology tools on all devices. Don’t let mobile phones or non-work related devices connect to the company Wifi – have separate access for these devices that are separate from the company network. This would include those where they have been working from home in a less secure environment. If you have staff working remotely, check how they are connecting – implement the above – and when patching is done, ensure the kids games are removed.
It’s important to remain diligent when it comes to cyber security. Don’t just make policy, make sure your policies are consistently followed by your team.
Even if you instruct employees not to store password lists, financial data, and other sensitive information on email storage, you should still periodically check that your policy is being acted upon.
By educating your staff to spot potential threats and not letting your guard down you can build a company culture that is security-minded. You can also adopt a training policy that gives your employees the tools they need to deal with online threats effectively, thus benefiting your company and your clients.
To find out more, Bay of Plenty Business News readers can register for FREE tickets and come along to the Stratus Blue Cyber Security event on 14 or 15 October, which is held in partnership with industry partners in Cyber Security.