Many companies believe that in order to enhance their cybersecurity defenses, they need to invest tens of thousands of dollars into new state-of-the-art hardware and software products. Faced with the prospect of breaking the bank, some companies throw caution to the wind and hope that they can somehow remain under the cybercriminals’ radar. However, there are practical steps that require no capital expenditures and instead consist of just a few hours of well-invested time, an investment that could save the hundreds of hours needed to recover from a devastating data breach. Below are just a few key strategies to help keep your business safe and secure:
- Identify and document your sensitive data.
  - It is difficult to protect your data if you don’t know where it is located. How and where does sensitive information come in and out of your company? Where is the sensitive data stored? Who can access these locations? Once you have documented the answers to these questions, you can then begin the process of putting the proper technical and administrative defenses in place.
- Keep your desks clean.
  - Implement a clean desk policy that applies at the end of the day and whenever an employee leaves their work area for an extended amount of time. A clean desk policy means that any sensitive documents need to be placed in a secure location and not left on the desktop for unauthorized individuals to see. If there are any sensitive documents that are no longer needed, shred them or place them in a secure receptacle for future shredding. To keep people off computers they should not be using, instruct users to lock their systems when leaving (pressing the Windows key and the L key at the same time) and enable password-protected screensavers that activate after a few minutes of idle time.
- Secure your mobile devices.
  - Require a password, swipe pattern, or biometrics on mobile devices. If a device is stolen, the time the thief spends trying to break the password gives you time to locate the device or remotely wipe it before your data is accessed. Also, since phones and tablets are not immune to virus infections, be cautious before installing any questionable application on your device, as there are many malware-riddled apps just waiting to find their way onto your device.
- Hope for the best but prepare for the worst.
  - You may think you’re backing your data up, but have you tested to see if your backups are viable and can be restored? Taking the time to do a periodic viability test on your backups can help you avoid being unable to restore your data in the event of an actual disaster such as a ransomware attack. Also, have a disaster recovery plan in place that walks through the steps needed to recover from different catastrophe scenarios, and be sure to test the plan at least once a year.
- Educate your users on the importance of data security.
  - The best policies and safeguards in the world won’t really matter if end users don’t understand and practice good security habits. Turn your employees into your company’s most formidable defense against attacks by making sure they receive the necessary security training, combined with periodic communications when new threats arise. Oftentimes, the only defense that can prevent a successful spear phishing attack is an employee who knows how to identify a suspicious email. Having this “human firewall” in place to protect a company’s data is the most critical defense a business could have.
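One way to run the backup viability test described above, as an added example that is not part of the original article: it archives a folder together with a manifest of SHA-256 hashes, then restores the archive into a scratch directory and reports every file that is missing or no longer matches. The archive layout, the `MANIFEST.json` name and the function names are assumptions made for illustration.

```python
import hashlib, json, tarfile, tempfile, zlib
from pathlib import Path

MANIFEST = "MANIFEST.json"  # assumed name for the hash list kept inside the archive

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(source_dir, archive_path):
    """Archive every file under source_dir plus a manifest of SHA-256 hashes."""
    source = Path(source_dir)
    hashes = {p.relative_to(source).as_posix(): sha256(p)
              for p in sorted(source.rglob("*")) if p.is_file()}
    with tempfile.TemporaryDirectory() as tmp:
        manifest = Path(tmp) / MANIFEST
        manifest.write_text(json.dumps(hashes))
        with tarfile.open(archive_path, "w:gz") as tar:
            tar.add(manifest, arcname=MANIFEST)
            for rel in hashes:
                tar.add(source / rel, arcname="data/" + rel)

def restore_test(archive_path):
    """Restore into a scratch directory; return a list of problems ([] = viable)."""
    with tempfile.TemporaryDirectory() as scratch:
        # Use the safe "data" extraction filter where this Python version has it.
        opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                tar.extractall(scratch, **opts)
            expected = json.loads((Path(scratch) / MANIFEST).read_text())
        except (tarfile.TarError, OSError, EOFError, zlib.error, ValueError) as exc:
            return [f"unreadable: {exc}"]
        problems = []
        for rel, digest in expected.items():
            restored = Path(scratch) / "data" / rel
            if not restored.is_file():
                problems.append(f"missing: {rel}")
            elif sha256(restored) != digest:
                problems.append(f"corrupt: {rel}")
        return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:  # constructed sample data
        src = Path(demo) / "finance"
        src.mkdir()
        (src / "payroll.csv").write_text("name,amount\nexample,100\n")
        make_backup(src, Path(demo) / "nightly.tar.gz")
        print(restore_test(Path(demo) / "nightly.tar.gz") or "backup restores cleanly")
```

Scheduling `restore_test` against the most recent archive and alerting on a non-empty result turns the periodic viability test into a routine check.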
Although budget constraints may prevent most businesses from acquiring a wish list of security purchases, the aforementioned tips show that there are still many actions that can be taken to better secure your business. And while these actions have no price, the security they provide to your company may ultimately prove to be priceless.
For more information, contact us at TRAC@citrincooperman.com.