Cybersecurity is critical for an organization, regardless of how big or small, and regardless of the industry you are in. We’ve put together 15 important cybersecurity tips that business owners and organization directors need to take to heart and adopt.
Keep in mind, every organization is going to be a little different, so while these tips do cover a fairly wide range of protection, it likely isn’t the end-all-be-all. We highly recommend setting up a one-on-one appointment with one of the cybersecurity experts at Dresner Group to ensure that your business is properly protected and meeting all of the compliance requirements.
1) Use Strong Passwords
This is one of the most basic tips, but it’s still a major security issue that a lot of people simply don’t take seriously. Nearly everyone is guilty of this at some point or another. All passwords should be complex, using a combination of capital and lowercase letters, numbers, and symbols. Passwords shouldn’t contain personally identifiable information like pet names, birthdates, phone numbers, names, job titles, or hobbies. You can use a string of 4 or 5 random words mixed with numbers and symbols, but these words truly need to be random and not represent anything about you, the account, or each other for the password to be secure.
2) Never Use the Same Password for Multiple Accounts
If a hotel key opened up every room in a hotel, it wouldn’t be a very secure place to stay. The same goes for your passwords. No two accounts should share the same password, because if one account gets compromised (which is something that happens with such regularity that we don’t tend to hear about it much anymore), then other accounts will be vulnerable. This is the leading cause of identity theft and data theft.
3) Don’t Write Passwords Down and Store Them in Plain Sight
Sticky notes on your monitor bezel are no place to store a password. We recommend using a password manager. For businesses and organizations, we highly recommend a password manager designed for business use, that allows an administrator to control policies and manage access. That way, the business always has control over credentials.
4) Consider Strong Password Policies on the Network
Establishing strong password policies forces users to use complex passwords when signing into the network. You can increase this security (and simplify things for the end-user) by utilizing Single Sign-On (SSO), which lets several applications share one securely managed login.
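The rules in tips 1, 2 and 4 can be enforced in code at the moment a user sets a network password. The following is an added example, not code from the article or from Dresner Group: the thresholds (14 characters, three character classes), the user attributes, the breached-password denylist and the salted-hash password history are all constructed for illustration.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# Policy thresholds: constructed for this example, not values from the article.
MIN_LENGTH = 14
MIN_CLASSES = 3          # out of lowercase / uppercase / digit / symbol
PBKDF2_ROUNDS = 200_000


def character_classes(pw: str) -> int:
    """Count how many of the four character classes the password uses."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def contains_personal_info(pw: str, attributes: List[str]) -> bool:
    """Reject passwords built from things the user is known by (names, pet
    names, birthdates, phone numbers), compared case-insensitively. Numeric
    attributes are also matched on digits alone, so a birthdate recorded as
    1985-03-14 still catches '19850314' typed into a password."""
    lowered = pw.lower()
    pw_digits = re.sub(r"\D", "", pw)
    for attr in attributes:
        for token in re.split(r"[\s,]+", attr.lower()):
            if len(token) >= 3 and token in lowered:
                return True
        digits = re.sub(r"\D", "", attr)
        if len(digits) >= 4 and digits in pw_digits:
            return True
    return False


def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256, the form in which previous passwords are kept
    for history checks (the plaintext is never stored)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)


def reuses_previous_password(pw: str, history: List[Tuple[bytes, bytes]]) -> bool:
    """Constant-time comparison against every (salt, digest) pair in the history."""
    for salt, digest in history:
        candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_password(pw: str, attributes: List[str],
                   history: List[Tuple[bytes, bytes]], denylist: set) -> List[str]:
    """Return every policy violation; an empty list means the password is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(pw) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    if pw.lower() in denylist:
        problems.append("appears in the breached-password denylist")
    if contains_personal_info(pw, attributes):
        problems.append("contains personal information")
    if reuses_previous_password(pw, history):
        problems.append("matches a previous password")
    return problems


if __name__ == "__main__":
    # Constructed user profile and denylist for the demonstration.
    attrs = ["Alice Smith", "Rover", "1985-03-14", "410-555-0199"]
    deny = {"password123!", "winter2024!"}
    history = [hash_password("OldPassw0rd!Example")]
    for candidate in ["Rover2024!!Secure", "OldPassw0rd!Example", "Kettle-Orbit9-Maple!Dune"]:
        print(candidate, "->", check_password(candidate, attrs, history, deny) or "accepted")
```

The history check only works for an account the organization controls; reuse across outside services (tip 2) cannot be detected this way, which is why a password manager is the practical answer there.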
5) Always Set Up Multi-Factor Authentication
Multi-Factor Authentication (MFA), sometimes referred to as Two-Factor Authentication (2FA), adds a step beyond the password before a user is allowed into an account. Traditionally, this involves texting a short code to a phone and requiring that code to finish signing into the account. The better way to handle this is to use an authentication app, like Google Authenticator, Microsoft Authenticator, Authy, Duo, or one of the dozens of others. SMS messages can be intercepted, whereas authenticator apps that generate the code on the device itself are much more secure.
6) Don’t Connect to Public Wi-Fi
It’s important to stay secure while traveling, and one of the biggest risks involves connecting to public Wi-Fi networks. It’s not that you can’t trust that cute coffee shop or big sprawling conference center; it’s the other people connecting to it. Public Wi-Fi is like taking all of your sensitive information and spreading it out on a big table for everyone to see. You should use a mobile hotspot if you can, or if you do need to connect to public Wi-Fi on occasion, make sure your organization has a VPN so you can connect securely.
7) Make Your Office Wi-Fi Secure, Encrypted, and Hidden
Your business network needs to be set up properly, and that includes your wireless network. Far too often organizations set up standard commercial access points and sort of forget about them once they work. These devices, like any other, need to be kept updated, configured properly, and should be set up so visitors and guests don’t even see them when looking for a network to connect to on their device.
8) Be Skeptical of Emails and Texts
Bogus phishing emails and smishing texts are one of the leading ways malware gets in. The most effective of these attacks look convincingly real and are designed to look urgent. It could be your bank telling you there is a problem with your account, or Microsoft urging you to log in to something. If you didn’t expect something, question it. If it seems urgent or even slightly suspicious, question it. If you aren’t sure, contact your help desk.
9) Provide Phishing Simulation to Your Staff
Phishing simulation services work like this: fake, safe phishing emails get sent to your staff on occasion. While these emails are harmless, they are designed to act like the real threats. If a user falls for the trap, the service records it and then provides helpful training to educate the employee. This can usually be combined with additional cybersecurity training to help bolster the security of your entire organization.
10) Keep Software and Operating Systems Updated
Every single endpoint (desktops and laptops), every single server, and every single device attached to your network needs to be kept updated with security patches, product updates, and firmware updates. If nobody is actively doing this right now, you likely have a ticking time bomb on your hands.
11) Plan on Updating Older Systems Before They Reach End of Life
Speaking of updates, sometimes older technology becomes too old and falls out of support. That can include old hardware, but more frequently it covers software and operating systems. Running outdated systems is a huge security risk, because that software no longer receives support or security updates. Organizations need to plan ahead and budget for technology updates to keep things maintained.
12) Always Have a Backup
Not having data backed up is the most irresponsible thing a business can do. Data storage devices are extremely fragile and finicky: they have limited lifespans, can fail at a moment’s notice, and there are thousands of potential threats that could swoop in and blow all your data away like dust in the wind. Your data should always be stored in (at least) three places. In addition to what is on the original drive in a centralized server, you need to have at least two copies on replicated drives that stay in sync with the first, with at least one copy stored offsite, preferably in the cloud.
13) Test Your Backup Regularly
In case we didn’t make the point in the last tip, data storage mediums are never to be trusted. Even your backup should be reviewed and tested at regular intervals.
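Tips 12 and 13 together describe a procedure: keep replicated copies, then prove they can be trusted. The block below is an added example, not code from the article or from Dresner Group. It builds a SHA-256 manifest of the primary data, checks each replica against it so that a silently corrupted or missing file shows up, and runs a restore drill into an empty directory, which is what testing a backup really means. The directory layout and file contents are constructed in a temporary directory for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every file under the primary copy."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_copy(manifest: Dict[str, str], root: Path) -> List[str]:
    """Compare a replica against the manifest; an empty list means it matches."""
    problems = []
    for rel, digest in manifest.items():
        target = root / rel
        if not target.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(target) != digest:
            problems.append(f"corrupt: {rel}")
    return problems


def restore_drill(manifest: Dict[str, str], source: Path, restore_root: Path) -> List[str]:
    """Restore every manifest file from a replica into an empty directory and
    verify the result, exactly as a real recovery would have to succeed."""
    for rel in manifest:
        dest = restore_root / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, dest)
    return verify_copy(manifest, restore_root)


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a primary plus two replicas, one silently damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        primary = base / "primary"
        (primary / "notes").mkdir(parents=True)
        (primary / "ledger.csv").write_text("date,amount\n2024-01-05,120.00\n")
        (primary / "notes" / "q1.txt").write_text("constructed sample note\n")

        manifest = build_manifest(primary)
        replica_a = base / "replica_a"
        replica_b = base / "replica_b"
        shutil.copytree(primary, replica_a)
        shutil.copytree(primary, replica_b)
        # Simulate bit rot in one file and a failed sync of another on replica_b.
        (replica_b / "ledger.csv").write_bytes(b"date,amount\n2024-01-05,12O.00\n")
        (replica_b / "notes" / "q1.txt").unlink()

        return {
            "replica_a": verify_copy(manifest, replica_a),
            "replica_b": verify_copy(manifest, replica_b),
            "restore_from_a": restore_drill(manifest, replica_a, base / "restore"),
        }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {problems or 'OK'}")
```

Scheduling `verify_copy` against every replica, and `restore_drill` against at least one of them, at a fixed interval is the concrete form of "reviewed and tested at regular intervals"; a replica that has never been restored from has not been tested.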
14) Implement and Review Internal Security Policies
We mentioned this a little with password policies, but your organization should have a comprehensive list of security policies that are managed and kept updated and documented. These policies would include user permissions, data retention policies, encryption policies, bring your own device (BYOD) policies, and should take regulatory compliance standards to heart.
15) Commit to Regular Security Audits
Cybersecurity (and technology in general) changes so fast these days. It’s critical to revisit everything every 6 to 12 months to ensure that your organization is secure. With the right IT partner driving your technology for you, this can be a lot easier than it sounds. With Dresner Group, we bake security into everything we do (which is just one reason why we’re among Maryland’s best IT companies).
If you don’t feel like your current IT provider is protecting your business, let us take a look at things and help you out. We can fill any gaps and save your organization from a lot of hardship, unnecessary costs, and stress.
Get started right away by calling (410) 531-6727.