10 Cybersecurity Tips for Businesses in 2021


Many businesses, especially those in the hospitality, retail and healthcare industries, have been ripe targets for cyberattacks and have experienced many notable breaches in the last few years. The months of the pandemic have amplified cybersecurity issues: there has been a large increase in cyberattacks, including attacks on private industry networks. Cybercriminals and nation-state actors are using the pandemic as an opportunity to orchestrate attacks through a variety of means, e.g., targeting networks, devices and staff to gain entry into networks. These cybercriminals have been known to bring down companies for extended periods.

As a result, it’s important to take a fresh look at cybersecurity and evaluate the safety of the network, systems and data. Here are ten items that can be integrated into a company’s IT policies to increase cybersecurity:

1) Implement Multi-Factor Authentication

Multi-factor authentication requires users to provide more than one piece of evidence to log in to a system, program or website. A common way to implement it is an application that sends an alert to the user’s mobile phone and requires an action (acceptance) before the login completes.

2) Adopt a Passphrase Over a Password Policy

Adopt a passphrase of 16 characters or more rather than a password. A passphrase does not have to be overly complex, but it should contain letters (upper and lower case), numbers and some symbols. User passphrases should be unique to the workplace and not reused for personal accounts, e.g. personal e-mail, social media, shopping, etc.
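A policy like this only holds if it is enforced where the passphrase is set. The following is an added example, not code from the article: a validator that returns every rule a candidate passphrase fails, so the user is told all of the problems at once rather than one per attempt. It implements exactly the rules stated in the tip (16-character minimum, upper case, lower case, digit, symbol); treating a space as a symbol is this example's own choice, since passphrases are usually several words. The "unique to the workplace" rule cannot be checked in code and stays a matter of user education.

```python
import string
from typing import List

MIN_LENGTH = 16   # the tip's threshold: 16 characters or more


def passphrase_problems(passphrase: str) -> List[str]:
    """List every policy rule the passphrase fails; an empty list means it passes."""
    problems: List[str] = []
    if len(passphrase) < MIN_LENGTH:
        problems.append(f"only {len(passphrase)} characters; {MIN_LENGTH} or more required")
    if not any(c.islower() for c in passphrase):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in passphrase):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no digit")
    # Design choice for this example: a space between words counts as a symbol.
    if not any(c in string.punctuation or c == " " for c in passphrase):
        problems.append("no symbol")
    # Leading/trailing whitespace is silently dropped by many login forms, so the
    # stored passphrase would differ from what the user later types.
    if passphrase != passphrase.strip():
        problems.append("leading or trailing whitespace")
    return problems


def is_acceptable(passphrase: str) -> bool:
    return not passphrase_problems(passphrase)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "correct horse battery staple", "Correct horse 9 battery staple!"):
        print(repr(candidate), "->", passphrase_problems(candidate) or "OK")
```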

3) Require Employees to Lock Their Computers When Not in Use

Administrators can configure a short screen-saver time-out that locks the computer automatically, so users who forget to lock their computers are still protected.

4) Do Not Allow USB Devices to Be Inserted Into Company Computers

USB flash drives are a common tactic used by cybercriminals to gain access to systems and networks. Use of these devices creates a significant risk of introducing malicious programs and giving outsiders access to a company’s systems. For example, attackers visit office locations and even residential areas and intentionally drop USB flash drives in parking lots, walkways, etc., where they will be noticed and picked up. An inquisitive person inserting one of these devices into a computer is enough for customized malware to execute and create backdoors into computer systems and networks. Custom malware written by a competent attacker is often not detected by traditional anti-virus software. The result can be debilitating damage, loss of confidential data and privacy intrusions, including activation of web cameras and microphones. Materials obtained by such methods have been used for extortion. Executives and staff alike are vulnerable to these methods.

5) Require Employees to Forward Suspect E-mails to Your IT Department

Phishing e-mail scams are abundant. The sooner the IT department is aware of a suspect message, the sooner it can investigate and hopefully prevent someone else from falling for the scam. Another layer of protection is to configure e-mail clients so that they do not automatically download images in HTML messages.
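The image setting matters because a remote image in an HTML message is fetched from the sender's server when the message is rendered, which tells the sender that the address is live and the message was opened. The following is an added example, not code from the article: a small triage helper an IT department could run over messages staff forward, which parses the message with Python's standard `email` library and lists every `<img>` that would cause a network fetch (inline `cid:` images and `data:` URIs are ignored because they do not leave the mailbox). The sample message is constructed for the example, with placeholder `.invalid` domains.

```python
import email
from email import policy
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample message (not a real phishing e-mail). The HTML part carries a
# 1x1 tracking image on a placeholder domain plus a harmless inline (cid:) image.
SAMPLE_EML = b"""\
From: "Accounts Payable" <ap@vendor.example.invalid>
To: staff@company.example.invalid
Subject: Invoice 4471 overdue
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your invoice is overdue. Please review the attached statement.
--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your invoice is overdue. Please review the attached statement.</p>
<img src="cid:logo@vendor" alt="logo">
<img src="http://track.example.invalid/open.gif?u=4471" width="1" height="1">
</body></html>
--b1--
"""


class RemoteImageFinder(HTMLParser):
    """Collects <img> sources that would trigger a network fetch when rendered."""

    def __init__(self) -> None:
        super().__init__()
        self.remote: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        src = (dict(attrs).get("src") or "").strip()
        # cid: and data: sources never leave the mailbox; http(s) sources do.
        if urlparse(src).scheme in ("http", "https"):
            self.remote.append(src)


def remote_images(raw: bytes) -> List[str]:
    """All remote image URLs referenced by any text/html part of the message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found: List[str] = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteImageFinder()
            finder.feed(part.get_content())
            found.extend(finder.remote)
    return found


def triage(raw: bytes) -> Dict[str, object]:
    """Summary a help-desk queue could show for a forwarded message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    images = remote_images(raw)
    return {
        "from": str(msg["from"]),
        "subject": str(msg["subject"]),
        "remote_images": images,
        "flag": bool(images),   # rendering with images on would confirm the address is live
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

Running it on the sample prints one flagged URL, the tracking pixel, and skips the `cid:` logo. In practice the helper would be fed the message as an attachment rather than an inline forward, since forwarding inline rewrites the headers that the investigation needs.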

6) Update Your Windows Operating System

As of the beginning of 2020, the Windows 7 operating system is no longer supported by Microsoft. If Windows 7 is still in use, the company’s operating system is no longer receiving security patches and, as a result, is very vulnerable to cyberattacks.

7) Review and Update Firewall Configurations

There may be security holes in the firewall if its configuration has not been reviewed recently. Firewalls are predominantly the first line of defense keeping networks and devices safe, but the configuration should be reviewed regularly for problems. A firewall is only as good as its configuration, rulesets and maintenance.
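A review like that can be partly automated once the ruleset is exported. The following is an added example, not code from the article or from any firewall vendor: it models a first-match-wins ruleset and reports the three problems a reviewer looks for first, namely an allow rule that opens a remote-administration port (or everything) to any source, a rule that has not been re-reviewed within a set period, and a deny rule that can never match because an earlier, broader allow already covers it; it also checks that the policy ends in a deny-all. The set of administration ports, the 90-day review period and the sample rules are constructed assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Tuple

# Assumptions for this example, not taken from the article.
ADMIN_PORTS = {22, 23, 3389, 5900}       # remote-administration services
MAX_REVIEW_AGE = timedelta(days=90)      # how long a rule may go without re-review
REVIEW_DATE = date(2020, 10, 1)          # "today" for the constructed sample


@dataclass
class Rule:
    name: str
    action: str               # "allow" or "deny"
    src: str                  # IPv4 CIDR; "0.0.0.0/0" means any source
    dst: str                  # IPv4 CIDR; "0.0.0.0/0" means any destination
    ports: Tuple[int, ...]    # destination ports; empty tuple means any port
    last_reviewed: date
    enabled: bool = True


def is_any(cidr: str) -> bool:
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet matching `narrow` would already have matched `broad`."""
    src_ok = ipaddress.ip_network(narrow.src, strict=False).subnet_of(
        ipaddress.ip_network(broad.src, strict=False))
    dst_ok = ipaddress.ip_network(narrow.dst, strict=False).subnet_of(
        ipaddress.ip_network(broad.dst, strict=False))
    ports_ok = not broad.ports or (bool(narrow.ports) and set(narrow.ports) <= set(broad.ports))
    return src_ok and dst_ok and ports_ok


def review(rules: List[Rule], today: date) -> List[Tuple[str, str]]:
    """Return (rule name, problem) pairs for a first-match-wins ruleset."""
    findings: List[Tuple[str, str]] = []
    for i, rule in enumerate(rules):
        if rule.enabled and rule.action == "allow" and is_any(rule.src):
            if not rule.ports:
                findings.append((rule.name, "allows any source to any port"))
            else:
                exposed = sorted(ADMIN_PORTS & set(rule.ports))
                if exposed:
                    findings.append((rule.name,
                                     f"exposes remote-administration port(s) {exposed} to any source"))
        if today - rule.last_reviewed > MAX_REVIEW_AGE:
            findings.append((rule.name,
                             f"last reviewed {rule.last_reviewed}, over {MAX_REVIEW_AGE.days} days ago"))
        # An earlier, broader allow makes a later deny unreachable.
        for earlier in rules[:i]:
            if earlier.enabled and earlier.action == "allow" and rule.action == "deny" \
                    and covers(earlier, rule):
                findings.append((rule.name,
                                 f"never matches: shadowed by earlier allow rule '{earlier.name}'"))
    last = rules[-1] if rules else None
    if last is None or not (last.action == "deny" and is_any(last.src)
                            and is_any(last.dst) and not last.ports):
        findings.append(("<policy>", "no final deny-all rule"))
    return findings


# Constructed sample ruleset (documentation address ranges, not a real network).
SAMPLE_RULES = [
    Rule("web-in",       "allow", "0.0.0.0/0",       "203.0.113.10/32", (80, 443), date(2020, 9, 1)),
    Rule("rdp-temp",     "allow", "0.0.0.0/0",       "203.0.113.20/32", (3389,),   date(2019, 3, 14)),
    Rule("vpn-admin",    "allow", "198.51.100.0/24", "203.0.113.0/24",  (22,),     date(2020, 9, 1)),
    Rule("block-guest",  "deny",  "198.51.100.0/24", "203.0.113.0/24",  (22,),     date(2020, 9, 1)),
    Rule("default-deny", "deny",  "0.0.0.0/0",       "0.0.0.0/0",       (),        date(2020, 9, 1)),
]

if __name__ == "__main__":
    for name, problem in review(SAMPLE_RULES, REVIEW_DATE):
        print(f"{name}: {problem}")
```

On the sample the "temporary" RDP rule is reported twice (exposed to any source, and not reviewed for over a year), and the guest-blocking rule is reported as dead because the VPN rule above it already allows the same traffic; the web rule passes because ports 80 and 443 are not administration ports.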

8) Conduct a Business Continuity Assessment and Cybersecurity Assessment

A backup failure in the event of a cyberattack could be catastrophic to a company’s ability to continue or resume operations. A business continuity assessment can identify potential problem areas in the event of a security breach or other disruptive event, and a cybersecurity assessment can identify security risks within a company’s systems to help defend against a potential attack.

9) Conduct Incident Response Exercises

Conduct incident response exercises through a third-party assessor that reports to the legal department and/or the CEO, so that the results are unbiased.

10) Protect Customer Data from Credit Card Fraud and Prevent Stolen PII

Personally identifiable information (PII) is the ‘new credit card data’. Consider protecting PII with the same or similar security controls as would be used for payment card industry (PCI) data. To help keep customer data safe even when criminals manage to compromise systems, company operators should keep PII, financial data and POS information separate from all other data stored internally. Choosing a reliable payment processing partner with leading-edge technology may help mitigate the threat to credit card issuers and cardmembers. Finally, as a precaution, businesses that use credit card point-of-sale (POS) machines to process data should frequently inspect POS terminals and swiping equipment for malicious devices.

Ultimately, to better protect a business and comply with recent regulations such as the General Data Protection Regulation (GDPR), the CCPA, etc., organizations should collect the least possible amount of PII on customers, have a clear purpose for each data element, and always keep data encrypted and safeguarded, both in transit and at rest. The following are some safeguards to protect the data and the company:

  • Ensure firewalls are secure
  • Store data in secure locations on servers
  • Make sure only the minimum data needed to market to your customers is taken and keep the data encrypted
  • Talk to tax and legal advisors about how to reduce your risk in these areas

There are many ways to increase cybersecurity for businesses, and the ideas above are a few ways to get started. The human firewall, however, is one of the most important aspects of a good cybersecurity policy and can be implemented immediately at little cost. The human firewall is the body of well-trained employees who help secure the network and protect the business; it is the first line of defense against cybercriminals.

The external perimeter of the business environment has changed significantly due to COVID-19, cloud architectures, edge computing and a highly distributed workforce. Some things never change, however: the ‘internal’ environment must have equal, if not greater, security than the external environment. Damage originating inside the organization has been among the worst organizations suffer. Appropriate oversight of the inner perimeter is critical, since it is employees who handle confidential data and systems day to day.

Republished with permission from Resort Trades, copyright October 2020.

For questions or to learn more, please contact a member of Withum’s Cyber and Information Services Group.

Author: Lena Combs, CPA, CGMA, RRP, Partner | Amy Lafontaine, CPA

