Cyber Security Best Practices
Cyber security threats are growing, and businesses of all kinds are falling victim to cyberattacks. Some industries are more likely to be under attack than others (a shocking 89% of healthcare organizations have had a data breach or theft in the past two years!), but small and large businesses alike in any industry can lose millions of dollars and their reputation with customers after a breach. The average cost of a healthcare data breach, for instance, is $2.2 million.
Defeating cybercrime is a continuing process and will be for the foreseeable future. So what can you do to protect your sensitive business data from threats?
Create a cyber security culture
Your first step in data security should always be to raise awareness and train your employees on the importance of data security and best practices. You can simplify this process by having a designated person be up to date and educated in cyber security to teach the team on an ongoing basis.
At the moment, workplaces are changing drastically: we are seeing a rise in people wanting to work from home or use employee-owned devices within a business (BYOD). Traditional security measures often prove ineffective in protecting data on these endpoints. Like it or not, technology is changing the way people work. Instead of imposing arbitrary restrictions on new devices and risking forcing employees to work around the IT department, it makes sense to think about how you can cope with change.
Back Up Your Data
We are seeing an increase in data and an increase in our reliance on that data. We are also seeing an increase in sophisticated attacks on that data. Although ransomware can still be an issue if copies of the data exist, making backups is an important part of any cyber security plan. You should back up your data regularly, and store it in a different location than the original data. This will help to protect it from both cyberattacks and physical damage or theft.
Backups don’t generally contribute to revenue generation. However, ignoring backup and documentation can cost a corporation millions.
Beyond keeping up with the rise in BYOD, it is important that we don’t focus solely on new endpoints, as more traditional endpoints are constantly opening up to new risks.
Earlier this year, a study by Ivanti showed that only one-third of businesses have full visibility into their IT environment (physical, virtual, online, offline, etc.). And while almost half (46%) have partial visibility, 18% have no visibility or reporting capabilities at all.
Considering the scale of hacking we saw in 2017, this is surprising and shows how vulnerable we still are.
Require Strong Passwords
Almost all of us fall short when it comes to our own personal online passwords. About 59% of people re-use passwords, and many people use the same passwords for every site. Worse, many people share passwords—even work passwords—with friends or family.
With this in mind, you should insist that employees use strong passwords. These passwords can be paired with two-factor authentication for even stronger security. Remind your employees that work passwords should not be shared with anyone—sharing passwords opens your business up to data theft—and worse.
Set strict guidelines and policies
If you don’t have any guidelines for how your employees should use sensitive data and company devices, there’s no time like the present. You should have policies on employees accessing data from multiple devices, best practices for spotting email scams, and how to respond in case of a breach. It’s important to have consequences for not following guidelines—otherwise, they’re just words.
As an elementary step toward protecting sensitive data, your IT staff must set clear usage policies and strictly enforce compliance with them. For example, you might require teachers to use school-issued smartphones that have security software installed. You’ll want to also closely monitor how students and staff use new products or apps, both on and off the school’s network.