As a business owner, you often have to reevaluate your business’s cybersecurity plan. The technological landscape is changing constantly, and outdated hardware or software could lead to vulnerabilities in your network. It’s never worth cutting corners if it means that valuable data or proprietary software could be leaking outside of your company.
With that said, the question is often, “How do I tell if my network is not secure?” Most businesses already practice a lot of common cybersecurity strategies: encrypting files, unique passwords for each user on a network, phishing test emails for employees. But the most important practices in cybersecurity stretch beyond these basic tactics. To really make sure that your company’s information is safe, it’s best to make sure your cybersecurity plan includes all of the following:
Losing important files can threaten your operations and put your business on its back foot, causing you to struggle to recover lost time and effort. When this happens, it's important to know your options for data recovery.
CBS advises that you engage in some form of “Business Continuity Disaster Recovery” (BCDR), a plan that can help you back up your data in case a disaster strikes.
Sometimes a disaster is a cyberattack from a hacker through a vulnerability in your network, but more often than not files are lost due to computer crashes, human error, or simply lost data. This potential downtime can negatively affect revenue and cause you to retread steps you’ve already wasted time on before.
Having a complete BCDR plan allows you to navigate these issues with ease. You can think of it as your business’s safety net: when data is lost, it’s easy to recover a saved backup, saving you time and money. This kind of backup also assists in remote work, letting you access files on your servers from anywhere, so you can work from home or in the field without worrying about saving files to the wrong computer or storage device.
Disaster planning is vital for business continuity. Keep your data backed up and create a disaster policy with procedures in place for your team should an emergency data loss scenario occur.
An area of cybersecurity that people often overlook is the devices connected to your office’s network. Printers, copiers, fax machines, and so on that are connected to your network can open doors into your office and give unwanted visitors access to your sensitive data.
You can prevent this by taking steps to ensure that your devices are not easily accessible. Place printers and other devices in secure locations around the office, where cameras or employees can see who is accessing them at all times. By using a two-step verification process, you can allow only verified users to access these devices, preventing unauthorized users from using them as a back door to your network. You can even encrypt the data that passes through your printers as an extra precaution.
Also be sure to keep these devices up to date and well maintained! Outdated software or hardware can present vulnerabilities in your network! The same can go for your standard computers in the office.
Many businesses have moved to hybrid or remote work following the COVID-19 pandemic. In the rush to move to homes and begin working from private laptops and computers, many companies skipped steps in securing their information. When all data is being passed around locally in the office, it’s hard to see how someone could steal that data easily. But when that data leaves the office, it becomes much harder to keep track of.
If your office participates in remote work often, the first thing you should do is set up a VPN on all of your employees’ computers, both in the office and for personal laptops used remotely. Making it so someone has to have a login to access your files helps protect important data.
Secondly, you need to make sure that you are transmitting files securely. Using a safe cloud storage platform for your company’s important documents and emails, such as hosting through Microsoft Teams and OneDrive, can help reduce risks in file transmission. Avoid emailing or using message services such as Messenger for delivering files, as these can often be met with phishing attempts and create other vulnerabilities. Uploading files directly to your cloud network is safer, and often faster than other methods.
Most importantly, make sure that your employees are not using flash drives or other external storage devices to transfer files. If multiple people in a household have access to a computer that can download your company’s files, it can result in unauthorized users downloading files to USB drives, which can then be transferred through multiple hands or simply dropped and lost without being able to be tracked. Be sure to instruct employees about safe cybersecurity practices and consider employing USB tracking software to detect when employees are attempting to transfer data, and to detect what files are being transferred. Lastly, you can even disable the USB ports on all your company-owned computers.
Be sure to inform your employees of how to secure their home printers and similar devices if they are working remotely as well!
One of the most important tenets of cybersecurity is that you should always be anticipating an attack rather than recovering from one. If your data has been stolen, lost, or leaked it’s too late to take action against it!
In order to stay ahead of the game, it's important to make sure that you have up-to-date patching, licensing, and protection from malware. Be sure to do routine network scans to check for malware or other harmful data and consider getting your current cybersecurity programs assessed or audited to be sure you don’t have harmful gaps in your firewall.
Schedule regular training seminars or send out regular emails with guides for employees to learn better cybersecurity practices, and make sure that everyone in the office is on the same page when it comes to protecting your data! Conduct regular company phishing tests to see who is and who isn’t following company guidelines.
Be sure that your staff changes their passwords at regular intervals as well. Non-administrative users should be changing their passwords every three months, and admin accounts should be changing their passwords every 45–60 days. Make sure passwords are not generic, simple, or repeated with minor tweaks (such as hello1 becoming Hello12) as these can make it easier for unauthorized users to access important data. And be sure, above all else, not to share passwords between coworkers!
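The "minor tweaks" rule above can be enforced automatically when a user changes their password. The following is an added example, not part of the original article or any CBS tool; the function names, the short deny list, the 12-character minimum, and the 0.8 similarity threshold are all assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample of generic passwords; a real deployment would load a
# much larger deny list.
GENERIC = {"password", "welcome", "hello", "qwerty", "letmein", "admin"}

def base_form(password: str) -> str:
    """Lowercase and strip leading/trailing digits and symbols, so that
    'hello1' and 'Hello12' both reduce to 'hello'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.casefold())

def is_minor_tweak(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when the new password is the old one with small edits.
    The 0.8 threshold is an assumed value, not a standard."""
    if base_form(old) and base_form(old) == base_form(new):
        return True
    ratio = SequenceMatcher(None, old.casefold(), new.casefold()).ratio()
    return ratio >= threshold

def review_password_change(old: str, new: str, min_length: int = 12) -> list[str]:
    """Return the reasons a proposed password should be rejected.
    An empty list means the change is acceptable. min_length is assumed."""
    problems = []
    if len(new) < min_length:
        problems.append("too short")
    if base_form(new) in GENERIC:
        problems.append("generic word with digits or symbols added")
    if is_minor_tweak(old, new):
        problems.append("minor tweak of the previous password")
    return problems

if __name__ == "__main__":
    # The article's own example pair, then an unrelated passphrase.
    print(review_password_change("hello1", "Hello12"))
    print(review_password_change("hello1", "correct-horse-battery-staple"))
```

The check runs at the moment of the change, when the user has just typed both the current and the new password, so no old passwords need to be stored in readable form.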
The most forgettable, but easiest to employ, cybersecurity practice is to keep things organized. Be sure that you and your employees have clean workspaces physically and digitally. Do not just save every file to one folder; strategize a proper organization system for files and documents to be sure that nothing is lost, and that no one has to sift through hundreds of unorganized files to find what they are looking for. Many times, when files are lost, it’s just because someone named them something unconventional or saved them to a folder they should not have been in.
Physical organization can help as well. If your USB drives, phones, and documents are left at your computer while you are away, anyone could tamper with them during your absence. Even worse is getting up from your desk and leaving your computer on with company files open, especially when working remotely. Worst of all, being disorganized in this way means that when something goes missing, there can be a lengthy delay before anyone notices.
Another helpful tip for organizing is that when you work in an online role you often need multiple passwords for multiple accounts, websites, programs, computers, etc. It can be very tempting to write these down on post-it notes, on your phone, or in a notepad on your desk, but all of these create security risks. Rather than organizing your passwords in these ways, consider subscribing to a password manager that can encrypt your passwords and keep them safe from prying eyes.
If you have followed all of these practices but are still worried about your network’s security, or if you think your business could use assistance in setting up a better cybersecurity plan, then you should sign up for Central Business System’s Business and Technology Assessment.
By signing up on our website, you can receive an audit of your network and 2 free consultations to help you determine where your weaknesses lie, and how you can better improve your network.