5 Cyber Security Tips for Your Business

Monday February 27, 2017

 
"Don’t wait until after it is too late. Implement cyber security practices at your company today!"

Brenda Boomer | bboomer@peabodyinc.com

Article Courtesy of: Insurance Market Source

Cyber security is a topic that is discussed often times too late. Many business owners do not realize that one of the biggest security threats they have is right in front of them—their employees. When thinking about security, business owners need to look inward, not outward for their first line of defense.

1. Authentication management is crucial

Passwords and securing entry points to the network, while basic, are very important to all businesses. A password policy should be in place and should require a degree of complexity. As a business owner, you do not want employees using simple passwords such as a spouse or pet’s name. Simple passwords are easier to crack. Anyone can easily access a password cracking program online to infiltrate a device or progam. Hackers may also use reverse social engineering to follow an employee on social media networks, such as Facebook, to see interests and what is important to the employee— leveraging their personal life to create password hacks. For this reason, make passwords more complex by using a mixture of upper and lower case letters, numbers, and symbols. Passwords should be changed every 90 to 120 days.

2. Practice good password habits everywhere

Good password hygiene is just as important for employees after they leave the office. The reason for this is that many people use the same passwords at work and at home. To help alleviate this, it may be worth using encrypted applications called password lockers. These types of apps store all passwords and generate very complex passwords for the user. If deciding to go this route, use a paid service, look at reviews, and find a provider that makes backups of the password files. In addition, employees are often allowed to use personal devices to access email or content in the office. Data may be sent via text message back and forth. When this persists outside of a controlled environment, it presents a Cyber liability risk. The company can be held liable for any information lost through an employee’s personal device. Companies can use third-party mobile device management (MDM) systems that can be purchased on a per user basis. If an employee were to lose a personal phone or leave the company, the business owner could remove business content without impacting the user’s personal information.

3. Phishing

Phishing is one of the most common ways for hackers to affect an organization through emails. The email is crafted in a way that seems legitimate. It may ask for an electronic fund transfer or have a link for package tracking. The email typically mimics an internal user, such as an executive assistant or controller. Businesses need to be aware that there are very intelligent hackers out there. When an email does not look or feel right, learn to question it, and if it feels too good to be true, it probably is. Be cognizant that these behaviors exist and hackers will attack in the private and business world. Hackers can build a complex web through social engineering and information that is available in the public domain. They can piece together information on what an employee is doing, who they work with, and who they are.

4. Do not click “remind me later”


Make sure all updates are being run on time. In many instances, updates get turned off. Business owners should create a schedule or use built-in automatic update features. Do not allow employees to change these update times. Each update from a manufacturer helps patch known vulnerabilities in the system. The same holds true with antivirus software and personal devices. As soon as an update comes through, install it right away.

In today’s world, one of the key reasons for running a backup is to protect business data. It is not a matter of if a company will be hacked, it is a matter of when. An employee may accidently launch a virus in a business environment, or even worse, launch ransomware. Ransomware is a hacking tactic that blackmails companies into paying for their own information that is being held hostage. In this case, there are two things that can be done. On one hand, a company could pay the individual and hope they send the key and do not target the business again. Or, the company could restore the previous night’s backup, making them go away. The latter is preferred. There are plenty of cloud based or backup drive solutions for companies. Each of these tips will help business owners from the inside out. Cyber security issues will only heighten going forward, and it is important to educate internal employees regularly.

Article Courtesy of: Insurance Market Source