Last Updated on 27th October 2020
From ransomware to targeted cyber-attacks, no business is immune from cybercrime. But there are measures every organisation can take to protect themselves, their sensitive data, and their employees.
1. Educate your employees
The human element is the greatest and most unpredictable threat to a secure network. People make mistakes, and while most mistakes can be easily fixed and don’t have serious consequences, there’s always the risk of a serious data breach or other major security issue.
Employee education is the best method of prevention in this case. Everyone should know how to safely use the internet and email, how to spot phishing and other scams, and understand data security and the implications of GDPR as it applies in your organisation. Every new employee should also receive this same training as part of their onboarding experience.
2. Use strong passwords (and protect them)
It’s hard to stay ahead of hackers who dedicate themselves to breaching an organisation’s defences. One important way to keep data secure is by keeping online accounts protected.
The highest priority when it comes to this kind of security—at least, for employees—is creating strong account passwords. Instituting a password policy is one of the easiest and most productive things your organisation can do to improve network and data security.
Strong passwords should:
- Use a combination of upper and lowercase letters, numbers, and symbols.
- Be 12 to 16 characters.
- Not use any dictionary words, nouns, or names, either forwards or backwards, in any language.
- Not contain any identifiable number or letter strings such as birthdays or the Pi sequence.
It’s also important to have policies in place regarding how passwords are used: employees shouldn’t share their passwords, write them down, or send them via email.
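The four rules above can be checked automatically when a password is set. The following is an added example, not code from the original article: the word list is a small constructed sample, the function names are hypothetical, and "identifiable strings" is interpreted as year-like numbers, runs of Pi digits, and ascending or descending runs of four characters.

```python
import re
import string

# Constructed sample word list (assumption); a real deployment would load a
# full dictionary and a list of known-breached passwords instead.
SAMPLE_WORDS = {"password", "dragon", "monkey", "london", "summer", "welcome"}
PI_DIGITS = "31415926535897932384"

def _has_known_sequence(pw, run=4):
    """Detect birthdays (year-like strings), Pi digits and simple runs."""
    lowered = pw.lower()
    # Year-like strings (1900-2099) are the usual trace of a birthday.
    if re.search(r"(19|20)\d\d", lowered):
        return True
    for i in range(len(lowered) - run + 1):
        chunk = lowered[i:i + run]
        if chunk.isdigit() and chunk in PI_DIGITS:
            return True
        # Steps of +1 or -1 between neighbours: "abcd", "4321", "6789".
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
    return False

def policy_violations(password, words=SAMPLE_WORDS):
    """Return the rules from the list above that `password` breaks (empty = pass)."""
    problems = []
    # Rule: 12 to 16 characters, enforced as written in the article.
    if not 12 <= len(password) <= 16:
        problems.append("length")
    # Rule: upper case, lower case, numbers and symbols must all be present.
    classes = [str.isupper, str.islower, str.isdigit,
               lambda c: c in string.punctuation]
    if not all(any(test(c) for c in password) for test in classes):
        problems.append("character-mix")
    # Rule: no dictionary words, forwards or backwards.
    lowered = password.lower()
    if any(w in lowered or w[::-1] in lowered for w in words):
        problems.append("dictionary-word")
    # Rule: no identifiable number or letter strings.
    if _has_known_sequence(password):
        problems.append("identifiable-sequence")
    return problems
```
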
3. Keep software updated
One way in which hackers gain access to an organisation’s network is by exploiting software loopholes (vulnerabilities) that the software developers haven’t yet fixed. Developers such as Microsoft continually update and improve their products’ security features, and they also close those loopholes as they’re discovered. These fixes are generally made available via download.
So, making sure all software the organisation uses—including the operating system and all applications—is kept updated is an important part of keeping hardware, and the network, secure from cyberthreats.
4. Handle sensitive data with care
Any company that deals with sensitive data must develop protocols that keep the data safe and secure. Sensitive data takes a wide range of forms—in some cases it simply means a company’s financial data—which means most organisations of any size have at least some sensitive data they need to safeguard from external threats such as hackers, and internal issues such as accidental data loss. Some ways to safeguard data from internal and external threats include:
- Perform regular data and system backups. Don’t leave things to chance—in the event of an accidental data loss, you need to be able to restore the lost data as soon as possible to prevent any kind of outage.
- Restrict access to sensitive data. Differentiate between sensitive and non-sensitive data, and then restrict access to sensitive data strictly on an as-needed basis. Use identity and access management protocols to ensure that sensitive data can only be accessed via secure means.
- Use data encryption. Encrypt sensitive data to add another layer of protection.
5. Dealing with BYOD
The bring-your-own-device trend—where employees can work on their own laptop computers, tablets, or even smartphones—is taking off in some workplaces. In others, it’s being eschewed due to security concerns.
Perhaps the most positive aspect of this for organisations is the potential to save money on hardware. It can also boost employee morale and even productivity, as everyone is able to work using the devices they feel comfortable with.
The downside? It’s much harder to ensure that everyone’s using compatible software and applications, and that everyone is keeping their devices and laptops updated with the most current versions of the software they run. Even more concerning, it’s infinitely more difficult to ensure that the organisation’s own network is adequately protected.
Any organisation that does consider introducing a BYOD policy must be vigilant about employee education, and about protecting the corporate network. For instance, using encryption on mobile devices and laptops is a crucial layer of security that can help employees ensure the data they store on personal devices is kept safe.
Mobile devices should also be password-protected. Device owners can also enable password lockouts, where the device locks itself if repeated failed access attempts are made in a short period of time. Remote wiping is another essential feature that can help protect data stored on mobile devices. With remote wiping, the data stored on a smartphone can be deleted remotely if the device is lost or falls into the wrong hands.
If you want to take your business’ cyber protection even further, contact ACUTEC today.