Buckle Your Cyber Seatbelt: Three Steps for Every Business
Every day, we take actions to protect ourselves – from illness, theft, and accidents. We take vitamins and wear more layers when it’s cold outside. We lock our cars and houses. We wear seatbelts when we drive.
We do these things routinely, without questioning the merit of the maintenance. We just know, instinctively, that doing so helps keep us safe.
But sometimes we still need to be reminded to do certain things that we know are good for us, like eating well and drinking more water and driving slowly in bad weather. It’s the same when it comes to safeguarding ourselves in a computer-based world: we know we should be doing things to stay healthy and safe, but we still don’t always actually do them.
Unfortunately, not doing them can cause things to get real bad in a real hurry. It just takes one wrong click.
Luckily, effective cyber security for your business doesn’t have to be complicated. And paying attention to just a few key steps is like buckling your company’s cyber seatbelt.
First: Have a Plan
A cyber breach is not something you want to decide how to deal with after it happens. There must be a plan in place in order to respond quickly and effectively. Coming up with a plan is the first, and most time-consuming, step – but once it’s done, it’s yours forever.
Larger companies likely have dedicated Information Technology departments and already have response plans in place. Smaller businesses may use an IT vendor, and should have discussions with them about either creating a plan or communicating what the plan is. Even smaller companies may be handling cyber security entirely on their own – if at all. No matter which category applies to you, there are questions to ask (and answer), and resources available to help.
Developing your plan begins by understanding how your computers and network are protected. If you were to be hit by an attack, would you know who to call? Would you know who your vendors are? What would be the first thing you’d do?
Next, make sure to back up your data. This seems like an obvious rule, but there’s a much more important component to this part of a cyber security plan that many people miss: Make sure your access to the backed-up data actually works. Have you ever practiced restoring the data that (you think) you’ve responsibly secured? If not, you might be in for a not-so-pleasant surprise.
Here’s why: One type of attack that’s becoming more and more common among cyber thieves is called ransomware. This is when critical information from your business is obtained and held hostage until you pay for it to be released. If you haven’t tested your data recovery process to make sure it works, you may find yourself at the mercy of the thieves who hacked your system and stole valuable information.
Your cyber security plan should also include internal practices on updating passwords, protecting physical access to computers and mobile devices, and adhering to routine maintenance schedules. The plan should be a priority, and it should be reviewed and updated regularly. If you take the time to create a solid plan but then never really look at it again, it won’t be effective.
Don’t fret if you’re not sure how to begin. The Federal Communications Commission and the Department of Homeland Security have free resources to help you get started and customize a cyber security plan for companies of all sizes.
Second: Educate the User (that means you and your employees)
Now that you’ve performed a cyber health check and created a response and maintenance plan, it’s time to look at the people who can undo all that hard work in less than a second: your employees. This is where education becomes so very important.
We interact with computers every day, and yet many of us simply aren’t aware of the dangers we’re up against every time we log on. We hear stories about unsuspecting victims of cyber crime – people sending money or personal information to what appeared to be a completely legitimate source, or clicking on a hyperlink without first thinking about the content or sender.
Regular training can help employees identify suspicious activity. And it will help them know what to do if something doesn’t look right – because they’ll have that nifty action plan to refer to at all times. When someone sends an email with instructions to wire money somewhere, for example, your employees are your first line of defense. You want them to have all the tools possible to keep you safe.
Deploying periodic “phishing campaigns” to your employees is always a good idea. These “fake” emails help demonstrate how savvy cyber thieves can be in their communication. Throwing out a few test emails throughout the year to see how many people in your company respond to them allows you to gauge how well your training is working. It also prompts people to be more diligent, especially if they got suckered into clicking on one of your phishing tests.
Again, there are resources to help you here. And they are free.
Third: Know What’s Going On
Just as we check the weather and watch the news, we should always have some idea of what’s going on with cyber security. So many things change – quickly – in the digital world. Computer access isn’t a luxury anymore. It’s an expectation and a necessity, like electricity. We need it to work and live.
Fortunately, there’s a rather large community out there that talks about cyber security – a lot. From online forums to local business seminars to full-blown national conferences, there are people sharing stories and best practices and helping others succeed. You can take advantage of these events, so you don’t feel like you’re taking it on all by yourself.
The best thing about knowing what’s going on is that it helps you feel more aware of the importance of cyber security for your business. And that awareness will help you integrate it into your daily life.
Our computers and mobile devices hold so many of our possessions – valuable pieces of information about ourselves and our customers. It’s not like the good old days either, when everything was on paper and locked in your file cabinet. It’s in your pocket when you’re in the store. It’s on vacation with you. It’s on your bedside table.
It’s vulnerable on so many levels. It’s up to us to protect it.
EMPLOYEE-OWNER, INFORMATION TECHNOLOGY INFRASTRUCTURE MANAGER