Digital technology is an absolute requirement for most businesses these days. Reaching new markets and increasing productivity and efficiency means access to broadband and information technology. However, businesses need a cybersecurity strategy to protect both their data and their customers’ data from relentless cybersecurity threats.
1. Train employees in security practices and policies
Implement basic security practices and policies, such as requiring strong passwords. Establish appropriate Internet use guidelines in your Employee’s Manual and detail penalties for violating company cybersecurity policies. Create rules of behavior for handling and protecting customer information and other vital data.
2. Protect information, computing devices and networks from attacks
Keep your devices clean. Ensuring that you have the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats. Schedule antivirus software to run a scan after each update as well as on a regular basis. Install other key software updates as soon as they are available.
3. Establish firewall security for your Internet connection
A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic. Firewall software is built into Mac- and Windows-based PCs. Ensure operating system firewalls are enabled or install free firewall software available online. If employees work from home, ensure that their home network and systems are protected by a firewall.
4. Establish a mobile device plan
Mobile phones, tablets and other mobile devices create significant security and management challenges, especially if they contain proprietary information or can access the business network. Users should be required to password-protect their devices, encrypt their data and install security apps to prevent the theft of information while the device is on public networks. Implement reporting procedures for lost or stolen equipment.
5. Keep backup copies of important business data and information
Back up the critical data on all computers on a regular basis. Critical data includes documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically on an ongoing basis, if possible. If ongoing, automated backups are not possible, daily backups should be performed. At a minimum, an absolute bare minimum, back up data weekly and store the copies either offsite or in the cloud.
6. Control physical access to your computers and create individual user accounts for each employee
Prevent the physical access or use of business computers by unauthorized individuals. Laptops are easy targets for theft or loss, so keep them locked up when unattended. Ensure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
7. Secure Wi-Fi networks
Wi-Fi networks need to be secure, encrypted, and hidden. Hiding your Wi-Fi network means setting up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router. Access to the router should only be given to trusted IT staff and key personnel.
8. Establish best practices for payment cards
Work with banks and processors to ensure that trusted and validated tools and anti-fraud services are implemented. Check to see if you have any additional security obligations pursuant to agreements with your bank or processor. Keep payment systems isolated from other, less secure programs. Never use the same computer to process payments and surf the Internet.
9. Strict limits on employee access to data and information and limited authority to install software
You should not provide any one employee with access to all data systems. Access should be given only to the specific data systems that they need for their jobs. Employees should not be able to install any software without permission. Software installation privileges should only be given to trusted IT staff and key personnel.
10. Passwords and authentication
Employees should be required to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.