In a world where cyber attacks occur every 39 seconds and target three-quarters of organizations, it’s obvious your business can’t afford to be sloppy when it comes to cybersecurity.
If you’re not sure where to start, though, here are five useful pointers to help you out:
1. Use Strong Passwords
Password security is no joke. In fact, around 81% of business data breaches occur because employees use weak passwords. That, and it seems that over 70% of employees reuse passwords too.
– If you’re not sure how to come up with powerful passwords, here are some tips:
– If possible, include space characters within the password (so “c a t” instead of “cat”).
– Alternate between lowercase and uppercase letters, and add numbers and symbols into the mix.
– Avoid dictionary words. If you have to use them, try reversing the words.
– Avoid obvious substitutions (like “$hip” instead of “ship”).
– Make your password long. NIST recommends making passwords eight-character long, but feel free to go up to 15 characters or more.
– Try making your password an acronym for a phrase (“YutvNe3w“ for “You used to visit Norman every 3 weeks”).
– If you need to save time, just use a secure password generator like Norton’s Password Generator, SafePassword, or 1Password’s Generator.
You should also use password management software to make keeping track of passwords simpler and safer. After all, you can’t just have your employees write down passwords on sheets of paper.
Some secure and easy-to-use password management solutions include Bitwarden, PSONO, and LessPass.
And make sure you change passwords regularly. Every month would work well, but you can also change them weekly or bi-weekly if you prefer.
Also, don’t use the same password for all accounts. For example, you should have a different password for your company’s MailChimp account than you do for the Slack accounts.
2. Use Multi-Factor Authentication
Multi-factor authentication is an extra layer of security that requires you to enter additional info (a code you get by SMS, or a code generated by an app) to complete the login process.
So, even if a cybercriminal manages to get their hands on an employee’s login credentials, they’ll still need to get through another authentication process.
If you can implement multi-factor authentication on your own company’s intranet, that’s even better.
3. Get a VPN for Your Employees
A VPN (Virtual Private Network) is an online service that can hide IP addresses and encrypt user traffic, keeping it safe from cyber attacks.
Making sure all your employees access your work network with a VPN is a must if you want to properly secure your business data. That way, they can easily connect to the network from anywhere – their homes, the coffee shop where they spend their breaks, on the bus/train/metro, etc.
And they can do that safely – even if they use unsecured WiFi network (which they’re going to do, let’s be honest). Since the VPN encrypts their online communications with your company’s network, any hacker who would try to monitor the traffic will just see gibberish and nothing more.
Besides that, a VPN would also be very useful if you do a lot of video conferencing with clients, partners, and employees. Why? Because it further secures your VoIP traffic by encrypting it, adding an extra layer of security alongside the VoIP service’s own encryption.
Corporate or Commercial VPN?
It’s really up to you. If you have the resources and manpower, you can set up your own corporate VPN, though it can be time-consuming, and you’ll need to have a dedicated person or team monitor and maintain the network.
Commercial VPNs are more convenient, on the other hand. The provider takes care of everything for you, and you just need to implement it company-wide.
Finding the right provider for your business can be tough, but you can skip the hard part by just checking out Private Internet Access (PIA) directly. They offer unlimited bandwidth, highly-secured connections, tons of servers and gateways, and simultaneous connections on up to 10 devices.
To learn more about PIA, check out this Private Internet Access VPN review.
4. Keep Security Software and Operating Systems Up-to-Date
It goes without saying you need to use antivirus/anti-malware programs to secure your work network, as well as all employee and business devices.
But you also need to make sure your security software stays up-to-date. Don’t disable automatic updates. Sure, their timing can be a bit annoying at times, but consider this – a security software update can sometimes be all that stands between you and a new type of malware.
And besides the antivirus/anti-malware program, you also need to regularly update your OS. If you don’t, cybercriminals can exploit system vulnerabilities to target your network. For example, if you have Windows installed on your work computers, and don’t have the MS17-010 update, hackers can expose you to the Eternalblue exploit.
5. Offer Your Employees Cybersecurity Training
One of the best ways to protect business data is to make sure employees know how to keep it safe. That’s why you need to offer them cybersecurity training that covers everything from password management and device security to threats like phishing, spam, malware, viruses, and vishing.
How do you make sure employees follow the training? Here are some tips:
– Enforce compliance programs – like requiring employees to change the passwords they use for work accounts every month.
– Encourage employees to hold each other accountable and discuss cybersecurity issues in the open.
– Set up an anonymous reporting system if you’re worried people won’t follow the rules.
– Lastly, reward employee efforts – like giving someone who spots phishing emails and reports them a day off, for instance.
Proper cybersecurity is more important than ever for your business. If you don’t take it seriously, you expose yourself to data breaches, phishing attacks, and malware infections (just to name a few examples).
That’s why you need to:
– Create secure passwords.
– Use multi-factor authentication on work accounts.
– Get a VPN for your employees.
– Constantly update your OS and security software.
– Offer your employees cybersecurity training.