News of data breaches, cybercrime, and invasions of privacy has saturated the headlines in recent years, and this inevitably creates concern for companies, small businesses and large enterprises alike. Hackers continue to enhance their tools and scout for new cyberdefenses to penetrate, and any business remains vulnerable to a cyber attack.
- Raise awareness and educate your employees. It is the employees who can either be your best line of defense or your weakest link. Conduct hands-on training that employees can easily understand and relate to. A video or PowerPoint presentation sent via email is definitely not enough. It would help for employees to get practical training, such as a phishing simulation.
- Regularly back up your data and test the backups. While it is important to prevent attacks, it is better to be safe and ready in case of a data breach. Back up all your electronic spreadsheets, human resources files, financial files, databases, and accounts receivable/payable, as well as files stored in the cloud. Aside from this, you must also regularly test whether the backups are working.
- Make safe password practices common practice. Employees can find changing their passwords regularly tedious and time-consuming. However, most data breaches became possible due to weak passwords. Train your employees to use passwords that contain both upper- and lower-case letters, numbers, and symbols.
- Keep documentation of cybersecurity policies. Keeping a written cybersecurity policy ensures that all employees are on the same page. Document all protocols, checklists, tools, and policies, and make employees formally acknowledge that they have perused the document.
- Use a firewall. A network firewall provides a barrier between your data and cybercriminals. Ensure that your operating system’s firewall is enabled and working. If you have employees who work remotely, make sure that their computers have firewalls installed, too.
- Always use multi-factor authentication. An extra layer of protection will help in securing valuable data. Two-factor or multi-factor authentication requires an employee to enter a code sent to their mobile device after entering the correct password for the account they are accessing.
- Limit employee access. Give employees access only to the data, software, and information that they need for their jobs. Giving them access to everything increases the chances of security being compromised. Some positions might require more access to data than others, so make sure that their activities are well monitored to reduce insider threats.
- Secure mobile devices. Some businesses allow employees to use their own mobile devices for work purposes. If you are one of them, you need to have a mobile device action plan in place. Require employees to use data encryption, password-protect their devices, and install security apps to keep cybercriminals from stealing vital information when they are on public networks.
- Seek the help of HR in data protection. Assign your HR team to create and execute an efficient offboarding process, in which access for separating or separated employees is systematically removed.
- Automate software updates. Do not leave system updates to the users’ discretion, as this task can easily fall through the cracks considering the other tasks on the employees’ plate. Whenever possible, automate tasks that are easy to overlook, but are essential in keeping your business secure.