Nowadays, it feels like not a day passes without us hearing about some new data breach or hacking incident. Whethere you’re an individual or a big business, as long as we interact with computers, we are at risk of being targeted by these digital miscreants and their illegal ways.
Businesses are especially at risk as they usually own silos of sensitive information that make hackers drool. To hackers, they look like treasure chests waiting to be unlocked, holding spoils of great value. Businesses of all size, during this day and age, should be aware of this. They should know that they are a target, and hence, should do what they can to always make sure that all the doors are locked.
Be too relaxed, and they risk damage to their reputation, damage to the consumers that put their trust in them, the theft of valuable trade secrets, and disruption to the daily flow of business. To help out, we’ve prepared some basic tips here to help today’s businessman keep themselves cyber-secure.
1) There’s no silver bullet
The first thing that you must realize about cybersecurity is that there is no one option that will protect your business from all threats. Effective cybersecurity requires a multifaceted approach. This means covering all potential weak points – from systems that run on outdated architecture to employee behavior. Each point needs its own solution. For example, an encryption system is great for protecting communications, but is useless if an untrained employee leaks the key.
It boils down to this: whatever solution you put up, the whole team should be onboard, aware, and cautious.
2) Manage user privileges
Everyone needs access to certain systems – like network drives, printers and email – to do their job. However, one mistake many companies fall into is granting employees full access to systems. This creates several security risks, as nearly any employee can access and leak sensitive data. Even worse, if a hacker compromised even one user account, they’d have instant access to extremely sensitive data – everything from accounting records to client information.
To mitigate these risks, use the principle of least privilege. Each user account should start with the absolute minimum privileges necessary. If they require more access, they can go through a special requisition process. At the end of their project, internal IT staff should remove their access privileges. This ensures no user has extended access beyond the scope of their position.
3) Be aware of smart devices, and not just traditional computing devices
In the era of the Internet of Things, nearly every device comes internet-enabled, whether we want it to be or not. Unfortunately, no matter how useful these devices are, they come with an inherit set of risks. Take, for example, a demonstration performed by 11-year-old Reuben Paul, who exploited a vulnerability in a Bluetooth-enabled teddy bear and had it record a message.
What’s even more shocking is that Paul was able to use a Raspberry Pi to take advantage of the Bluetooth in an audience, downloading their phone numbers. This included the numbers of several high-ranking officials in attendance.
When we consider our digital security, we tend to think only of what’s most obvious, like computers and servers. However, phones, smart watches and even devices like printers require protections. Printers work by temporarily storing information sent to them for printing. An unsecured printer is an easy and unlikely target for thieves. Securing your printer – and other devices – with passwords and hard-drive encryption will help lock down the stored data.
4) Use strong passwords
You’ve heard this countless times before but it needs to be constantly reiterated because a lot of us are still guilty of choosing a convenient password – sometimes across many accounts – rather than complex, secure ones that are different for every account.
So we say this again: it’s important to make sure they’re secure. A strong password – when combined with measures like two-factor authentication – is a deterrent against hackers. Ideally, passwords should have a mix of letters, numbers and special characters. It’s your first line of defense. If you can discourage hackers at the first touch-point, it’s more likely they’ll move on to a different target who’s a little less mindful of their password.
And here’s another basic tip: your company should only allow a set number of log-on attempts before the system automatically locks a user’s account. This will prevent hackers from using a brute force attack to guess passwords.
5) Invest in training employees
Finally, one of the keys to securing your company’s sensitive information is to train your employees on the importance of cybersecurity and best practices. After all, a chain is only as strong as its weakest link.
Start the training process by committing to regular discussions with employees about cybersecurity. These discussions should include all levels, including upper management and IT staff. These users actually face increased risk, as they usually have the highest user privileges. You’ll also benefit from integrating these talks into your onboarding process. New employees, no matter their backgrounds, should be briefed on the company’s data policies.
One last note: Employees should be aware of hacking through social engineering. In these scenarios, employees could receive calls or other communications from a person claiming to be a co-worker. These people will typically ask what seems like benign information, but it could be used to reverse-engineer security questions or otherwise cause a data breach.
In order to keep your business safe, both socially and financially, it’s important that you take the steps necessary to develop and implement a strong cybersecurity initiative. This includes training your employees, securing your devices and acknowledging that no one solution will solve all your problems. Your business is your – and your employee’s – livelihood, and needs all the protection it can get. – Rappler.com