In part 1 of this series on reducing cyber security risks for businesses, we discussed 7 ways you can maintain your cyber security. In part 2, we named the top attack vectors cybercriminals use to infiltrate your IT security. In part 3, we explained how layered cybersecurity works.
To wrap things up in part 4, we’ll provide a list of 15 tips you can use as a quick reference while you’re setting up your company’s cyber security attack plan.
TL;DR: Now that you’re prepared with your newfound cyber security awareness, it’s time to put your learning into action. Start your path to better cyber security risk management with these 15 tips. Contact Interplay to get started.
It can be tempting to share passwords so you can limit the number of licenses you need for a cloud service, but each shared password opens your company to cyber security risk. Considering how much costs add up if you become the victim of a cyber attack, it’s probably worth it to pay that extra $10/month for additional cloud licenses.
In the past, entire rooms were dedicated to shared file cabinets and the only time anyone would clear out old files is when overstuffed file drawers couldn’t fit any more paper. Now that we’re all going paperless, it’s harder to tell when those digital “file drawers” are overstuffed – which gives cyber thieves a lot more they can steal.
Anything can happen: lightning storms, power outages, ransomware attacks, “oops” moments. If your files suddenly vanished, how much irrecoverable time would it take for you to restore all your financial info, contact records, calendar appointments, and contracts? If you regularly back up your local and cloud data, the answer would be “about 15 minutes.” (Maybe a few hours, if the problem is ransomware.)
A cybercriminal’s favorite trick is to convince your employees to willingly hand over their passwords. Why? Because then the criminals don’t have to worry about all those cyber security risk management tactics you put in place – they just have the same access one of your employees does. Make sure there’s no one employee with access to 100% of all your systems and records just in case the cybercriminal manages to get hold of their password.
One of the best ways to keep cyber thieves from figuring out employee passwords is to use bizarre, hard-to-remember passwords. As a quick tip: “MyCompany123” is not a secure password, but “Y7u8$bnGaQ1m>0” is. Since it’s also best practice to use a unique password for every application, this adds up to a lot of impossible-to-remember passwords. To help generate and use strong passwords, we suggest using a password manager like 1Password.
For extra security, make sure to always turn on Multi-Factor Authentication (MFA), which requires an additional step for verification. For extra, extra security, try a Zero Trust strategy, which requires re-authentication for all sensitive data.
It’s 11 AM. Do you know what’s happening in your network right now? Most business leaders don’t, and that’s completely understandable. After all, you have to know what’s going on with the business and top customers right now – who has time for paying attention to a network?! Cybercriminals know you’re too busy to watch for them, so make sure you have automated tools or actual people scanning for anomalous network activity at all times.
The best way to prevent a cybercriminal from harvesting your employees’ passwords is to train your staff to avoid phishing attacks. Fortunately, there’s a great way to do this: KnowBe4. This is a computer training program that teaches you and your employees how to identify red flags that may indicate phishing attacks, but it doesn’t stop there. KnowBe4 also sends out constant reminder “tests” in the form of simulated phishing emails to keep your office on its toes. This is, hands down, one of the best ways to reduce cyber security risks for businesses.
To exchange data over a network or the internet, you must open ports – kind of like opening a window to let in the fresh air. Some access ports need to be open all the time, to allow emails to send for example, but some of them should be closed when not in use. Just like that window, bad stuff like thieves and bugs can get in if you leave your access ports open all the time. The more devices and networks you use (i.e. the more WFH “offices” and IoT devices you have) the more ports you have open. Find them. Close them.
Hanna’s great, but does she still need to have all the passwords to your cloud accounts two years after she’s quit? It can be hard to remember to change all the passwords on your accounts when you’re scrambling to fill a vacated position, but the more people who know your passwords the more security risks you have. Plus, you shouldn’t be paying for Hanna’s cloud account anyway now that she’s gone – and you listened to us on Tip #1 and didn’t share passwords, right?
For some weird reason, manufacturers think we all want all our stuff to connect to the internet these days. Smartphones are one thing, but smart washing machines and smart kitchen appliances seem unnecessary. Remember: every connection to your internet or network creates an open access port – and IoT devices tend to have a lot of access ports for some reason. To be safe, make sure those smart kitchen appliances can’t connect to your office network because they’ll provide an open window into your company data.
If someone pulls up in your office parking lot, can they scan for Wi-Fi and find your router? Obviously, you’ve password-protected that router so they can’t just log in and use free Wi-Fi, but wouldn’t it be better if they didn’t know your router’s name or whereabouts at all? (Spoiler: yeah, it would be better.)
Things change fast in the cyber security risk landscape. Things also change fast in your industry. To keep up with all the changes in your industry, you probably read a trade magazine like Engineering Weekly. (We don’t know if that’s a thing, but it should be.) To keep up with all the changes in the cyber security threat landscape, it’s a good idea to read security-focused blogs like Krebs on Security, FireEye, KnowBe4, Dark Reading, or CSO Magazine. For an easier read, try our blog!
As we said, things move fast. Every day there are new cyber security risks for businesses. Depending on the severity of these risks, that means you could have patches and updates to install on all your devices every single day. Here at Interplay, our IT security experts frequently install updates on clients’ computers… and then install even newer updates the very next day. The point is that no matter how often those patches are released, you cannot fall behind.
Mobile devices are, you know, mobile and stuff, so you and your staff could be using phones, tablets, and laptops at a coffee shop, in an airport, at a bar, or on the ferry. This means you could also mistakenly lose those devices in all those locations. If you lose your device, or if it’s stolen, Mobile Device Management tools will help you remotely wipe all the data from the device, so at least the finder / thief doesn’t get access to a smartphone and your clients’ business checking account numbers.
As they say, “there’s no such thing as a free lunch.” There’s also no such thing as free Wi-Fi. The dangers of free Wi-Fi are pretty well known by now… but, nevertheless, there are times when you have no choice but to log in using an unsecured internet connection. When you find yourself in these situations, make sure to protect your company data as much as you can.
Like so many aspects of the digital world, your cyber security tasks and approaches will change dynamically as you find out new information and as cybercriminals develop new tactics. These 15 tips are meant to help you build a solid cyber security foundation for your company, but you’ll want to keep adjusting to defend against all the latest threats year after year.
Fortunately, you have help. For those of you here in Seattle, we’d like to introduce you to the friendliest, most fun, and most supportive and nice team of IT experts you’ve ever met.
For 20+ years, the friendly and knowledgeable IT services team at Interplay has helped business leaders across a range of industries get more out of their tech, stress free. Not only are we always (and we mean always) happy to offer the best managed IT services, support, and advice, we’re also the team you can trust for the best cocktail recommendations here in Seattle or in Disney World – we’re versatile! All humor aside though, we’d love to help you get your IT running smoothly and securely, around the clock.