With the start of a new year, it may be a good time for businesses to review their cybersecurity posture and realign their policies with industry best practices. The following ten cybersecurity tips were recently published during National Cybersecurity Awareness Month as a resource for small businesses. However, these guidelines could very well apply to a business of any size.
1. Employee training
Establish basic information security practices with employees, from requiring strong passwords and appropriate internet usage to protecting customer information and other sensitive information.
2. Keep clean machines
Maintain the latest security software, web browser, and operating system to guard against viruses and malware. Install key software updates when they are available, and set antivirus scans to run after each update.
3. Provide firewall security
Protecting your internet connection is critical. Ensure the operating system’s firewall is enabled. For remote workers, ensure that their home system(s) are protected by a firewall.
4. Create a mobile device action plan
Require employees to password-protect their mobile devices, encrypt data, and install security apps to safeguard information while the mobile device is on public networks. Ensure procedures are in place should a mobile device be lost or stolen.
5. Make backup copies
Ensure a plan is in place to regularly back up data offsite or in the cloud. Word processing documents, spreadsheets, databases, human resource documents, and accounting files are all highly sensitive and should be backed up automatically if possible.
6. Control physical access to hardware
Ensure laptops and mobile devices are physically secure to prevent theft. All employees should have separate user accounts with strong passwords. Administrative privileges should be limited to IT personnel or other key staff.
7. Secure your WiFi networks
Secure, encrypt, and hide your WiFi network. Password-protect access to your router, and ensure it does not broadcast your network name (SSID).
8. Secure payments
Isolate payment systems from other programs that may not be as secure. The computer you use to process payments should be different from the one you use to search the internet.
9. Limit access to data
Avoid providing one employee with access to all data systems. Employees should only be given access to specific systems to perform their jobs.
10. Passwords and authentication
Require employees to use unique passwords that are changed every three months. Implement multifactor authentication to further safeguard accounts.