I’m sure many of you don’t know that October is National Cyber Security Awareness Month. Isn’t that exciting news?! The problem is that Cyber Security should be an “Every Day Awareness,” and not just on our radar for the month of October.

We live in a digital world, and it’s a “scary” digital world indeed. Protecting your corporate environment is a must. If the unthinkable occurs as a result of a hurricane (we just saw a big one!), ransomware (a growing threat!), or even a zombie apocalypse (hey, it could happen), and your corporate environment is breached, there are a number of horrible things that can happen to your business. Think about it. Did the breach result in a loss of business due to your inability to come back online quickly? Was corporate intellectual property stolen? Did hackers obtain sensitive customer information that could be abused? Just ask Sony, Target, Home Depot and a host of other companies who were successfully compromised. You can even look to last Friday (10/21/16), when some of the most popular internet sites came crashing down. How much business and trust evaporated because of a failure to enact sufficient security measures?

The biggest reason companies don’t deploy robust security measures is cost. Many executives fail to see the value in spending money in defense of their corporate systems. We’ve heard more than a few executives say things along the lines of, “It won’t ever happen to us. We have an anti-virus program in place which will be fine.” The fact of the matter is you need much more than that. Along with an adequate detection program that can alert you to a possible breach, you also need proper backup and recovery services to restore your systems quickly, eliminating extended downtime. Finally, you need a written policy for “Cyber-Hygiene” for your business: a list of Cyber “Do’s and Don’ts” that should be reviewed with all personnel. Here are 10 we find helpful for our clients. Perhaps you will too:

#1

  • DO make sure that when you connect to a wireless connection, you are connecting to the proper network, otherwise known as SSID.
  • DON’T assume that because the name may sound similar that it comes from a trusted source.

#2

  • DO use passwords that include a mix of upper and lower-case letters, including special characters.
  • DON’T use names/numbers of your dog, family members, street address and birthday.

#3

  • DO take advantage of dual or multifactor authentication. Many websites now offer security beyond just a username and password, such as a token, smartcard, PIN, or even user-selected security images that you will recognize upon login.
  • DON’T use username and password only when other options are available.

#4

  • DO maintain a list of passwords in a safe place, and change them at least quarterly. We recommend using LastPass!
  • DON’T keep the same passwords without changing them.

#5

  • DO keep your corporate passwords separate from your personal passwords.
  • DON’T keep reusing your personal password for your company password, or vice versa.

#6

  • DO make sure that your computer has the latest patches and virus signatures loaded.
  • DON’T assume that virus detection software keeps protecting your computer perpetually without updates.

#7

  • DO use cloud data systems (like Dropbox or Google Drive) to upload and share non-confidential data.
  • DON’T trust friends, family and associates with your password (NEVER give your password to ANYONE!) or with using your personal computer when you are not present.

#8

  • DO back up data onto removable media and store in a safe place.
  • DON’T assume someone else has the responsibility to maintain and protect your data.

#9

  • DO check E-mails carefully to ensure that the source header is from a valid address.
  • DON’T fall prey to clicking a link from malicious websites that load malware into your computer. Do not click any suspicious links!!

#10

  • DO establish a relationship with a reputable cyber security firm. Ask questions in advance about policy and procedures to keep your company safe on the Internet.
  • DON’T wait until you are confronted with an incident to seek advice.

It may seem like a pain to create complicated multi-character passwords, to change them often and to use a different password for each program, but these actions are key in keeping your sh*t safe. Like we mentioned in #4, the program LastPass can make many of these “Do’s” a whole lot easier for you. Check it out! And no, they didn’t pay us to say so.

If you have any questions about this article or how P2CM can help keep your company’s sh*t safe, please contact us at (703) 939-8240 or sales@p2cm.com!