As a result, it’s important to take a fresh look at cybersecurity to evaluate the safety of the network, systems, and data. Here are ten items that can be integrated into a company’s IT policies to increase cyber security:
Multi-factor authentication is an authentication method that requires computer users to provide multiple pieces of information to log in to a system, program, or website. A common way to implement it is an application that sends an alert to the user’s mobile phone and requires an action (accepting the prompt) before the login completes.
Adopt a passphrase of 16 characters or more rather than a shorter password. A passphrase does not have to be overly complex, but it should consist of upper- and lower-case letters, numbers and some symbols. User passphrases should be unique to the workplace and not reused for personal accounts, e.g. personal e-mail, social media, shopping, etc.
Administrator settings can be updated so that computers lock automatically after a short screen-saver time-out, which helps users who forget to lock their computers.
USB flash drives are a common tactic used by cybercriminals to gain access to systems and networks. Use of these devices creates a significant risk of introducing malicious programs and giving outsiders access to a company’s systems. For example, attackers visit office locations and even residential homes and intentionally drop USB flash drives in parking lots, walkways, etc. where they will be noticed and picked up. Inquisitive people insert these devices into their computers, which is enough for customized malware to execute and create backdoors in computer systems and networks. Custom malware written by a competent attacker is often not picked up by traditional anti-virus software. This can cause debilitating damage, loss of confidential data and privacy intrusions, including activation of web cameras and microphones. Material obtained through such methods has been used for extortion. Executives and staff members alike are vulnerable to these methods.
Phishing e-mail scams are abundant. The sooner the IT department is aware of a suspicious message, the sooner it can investigate and hopefully prevent someone else from falling for the scam. Another layer of protection is to not download images in HTML e-mail messages, and not to set systems to download pictures automatically.
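To show why automatic image download matters, here is an added example (not from the original article) that scans an HTML e-mail body for images hosted on external servers and flags the 1x1 "beacon" images whose only purpose is to report that the message was opened. The sample message, its hostnames and the size threshold are constructed for the demo.

```python
"""Added example (not from the original article): find remote images in an HTML
e-mail body. Fetching them tells the sender the message was opened and the
address is live, which is why automatic image download is worth disabling.
The sample message below is constructed for this demo."""
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_HTML = """
<html><body>
<img src="cid:logo123" alt="logo">
<p>Your account needs attention.</p>
<img src="https://track.example.net/open?id=abc123" width="1" height="1">
<img src="https://cdn.example.com/banner.png" width="600">
</body></html>
"""

def is_tiny(width, height):
    """True when both dimensions are given and are 1px or less (a classic beacon)."""
    try:
        return int(width) <= 1 and int(height) <= 1
    except (TypeError, ValueError):
        return False

class RemoteImageFinder(HTMLParser):
    """Collects <img> tags whose src points at an external http/https host."""
    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "")
        if urlparse(src).scheme.lower() not in ("http", "https"):
            return  # cid:, data: and relative sources do not leave the mail client
        self.remote.append({"src": src, "host": urlparse(src).hostname,
                            "tiny": is_tiny(a.get("width"), a.get("height"))})

def find_remote_images(html):
    """Return every externally hosted image found in the HTML body."""
    p = RemoteImageFinder()
    p.feed(html)
    p.close()
    return p.remote

def likely_beacons(html):
    """Remote images of 1x1 or smaller: they exist only to report that the mail was opened."""
    return [r for r in find_remote_images(html) if r["tiny"]]
```

Running `likely_beacons(SAMPLE_HTML)` on the sample returns only the `track.example.net` image; the embedded logo (`cid:`) is never flagged because it is not fetched from the network.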
As of the beginning of 2020, the Windows 7 operating system is no longer supported by Microsoft. If Windows 7 is still in use, the company’s operating system is no longer receiving security patches and, as a result, is very vulnerable to cyber-attacks.
There may be security holes in the firewall if its configuration has not been reviewed recently. Firewalls are predominantly the first line of defense in keeping networks and devices safe, but the configuration should be reviewed regularly for any issues. A firewall is only as good as its configuration, rulesets, and maintenance.
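As an added example of what a regular ruleset review can catch (not code from the original article or from any firewall vendor), the script below walks a simplified, constructed rule list top-down and reports two common findings: an "allow anything from anywhere" rule, and a rule that can never match because an earlier rule already covers every packet it describes (a shadowed deny is a real hole). The rule format, names and addresses are assumptions for the demo.

```python
"""Added example (not from the original article): a review pass over a firewall
ruleset that flags two common issues: rules that allow anything from anywhere,
and rules that can never match because an earlier rule already covers them.
The rule format and the sample rules below are constructed for this demo."""
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def net(s):
    return ANY if s == "any" else ipaddress.ip_network(s)

def ports(s):
    """'any' -> full range; '80' -> (80, 80); '8000-8080' -> (8000, 8080)."""
    if s == "any":
        return (0, 65535)
    lo, _, hi = s.partition("-")
    return (int(lo), int(hi or lo))

def covers(outer, inner):
    """True when every packet matched by inner is also matched by outer."""
    return (net(inner["src"]).subnet_of(net(outer["src"]))
            and net(inner["dst"]).subnet_of(net(outer["dst"]))
            and ports(outer["port"])[0] <= ports(inner["port"])[0]
            and ports(inner["port"])[1] <= ports(outer["port"])[1]
            and outer["proto"] in ("any", inner["proto"]))

def review(rules):
    """Return (rule name, finding) pairs; rules are evaluated top-down, first match wins."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] == "allow" and (r["src"], r["dst"], r["port"]) == ("any", "any", "any"):
            findings.append((r["name"], "allows all traffic from anywhere"))
        for earlier in rules[:i]:
            if covers(earlier, r):  # a shadowed deny is a hole, a shadowed allow is clutter
                findings.append((r["name"], f"shadowed by earlier rule {earlier['name']}"))
                break
    return findings

# Constructed sample ruleset (first match wins).
SAMPLE_RULES = [
    {"name": "R1", "action": "allow", "proto": "tcp", "src": "10.0.0.0/8",  "dst": "10.1.1.10/32", "port": "443"},
    {"name": "R2", "action": "deny",  "proto": "tcp", "src": "10.2.0.0/16", "dst": "10.1.1.10/32", "port": "443"},
    {"name": "R3", "action": "allow", "proto": "any", "src": "any",         "dst": "any",          "port": "any"},
    {"name": "R4", "action": "deny",  "proto": "udp", "src": "any",         "dst": "10.1.1.20/32", "port": "53"},
]

if __name__ == "__main__":
    for name, finding in review(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

On the sample, R2 (the deny for 10.2.0.0/16) is reported as shadowed by the broader allow in R1, R3 is reported as allowing everything, and R4 is reported as shadowed by R3.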
Conduct a business continuity assessment and a cybersecurity assessment. A backup failure in the event of a cyber-attack could be catastrophic to a company’s ability to continue or resume operations. A business continuity assessment can identify potential problem areas in the event of a security breach or other disruption. A cybersecurity assessment can identify security risks within a company’s systems to help defend against a potential attack.
Conduct incident response exercises via a third-party assessor that reports to the legal department and/or the CEO, for unbiased results.
Personally identifiable information (PII) is the ‘new credit card data’. Consider protecting PII with the same or similar security controls as are used for payment card industry (PCI) data. To help keep customer data safe, even where criminals manage to compromise systems, company operators should keep PII, financial data and point of sale (POS) information separate from all other data stored internally. Choosing a reliable payment processing partner with leading-edge technology may help mitigate the threat to credit card issuers and cardmembers. Finally, as a precaution, businesses that use credit card POS machines to process data should frequently inspect POS terminals and swiping equipment for malicious devices.
Ultimately, to better protect a business and comply with recent regulations such as the General Data Protection Regulation (GDPR), CCPA, etc., organizations should collect the least possible amount of PII on customers, have a clear purpose for each data element, and always keep data encrypted and safeguarded, both in transit and at rest. The following are some safeguards to protect the data and the company:
There are many ways to increase cybersecurity for businesses, and the ideas above are a few ways to get started. The human firewall, however, is one of the most important aspects of a good cybersecurity policy and can be implemented immediately and at little cost. The human firewall is the well-trained workforce that helps secure the network and protect the business, and it is the first line of defense against cybercriminals.
The external perimeter of the business environment has changed significantly due to COVID-19, cloud architectures, edge computing, and a highly distributed workforce. Some things never change, however: the ‘internal’ environment must have equal, if not greater, security than the external environment. Internal incidents have been among the biggest sources of damage to organizations. Appropriate oversight of the inner perimeter is critical, since it is employees who handle confidential data and systems day to day.
Republished with permission from Resort Trades, copyright October 2020.