October is Cybersecurity awareness month. Now is a better time than ever to look at your current practices at the office and even at home.
It is important to know that we all play a role in keeping our work and personal data secure. It starts at the top, but remember it includes everyone at your company. Your IT department is responsible for implementing the necessary secure structures. However, whether you realize it or not, a majority of viruses and malware could enter through allowed access from any of your employees, without them even realizing.
Establish a strong technology policy.
Outline the top security measures your employees are required to follow. A common mistake firms make is allowing employees to check their personal emails from their work computers. When an employee logs onto a website to open and view emails from a personal account, none of those emails go through the secure infrastructures your company has set up. If they accidentally download something malicious, and their computer is on your network, it could infect the network. Instead, you may offer off-network devices or require your employees use their personal handheld devices to check personal email.
Educate all team members.
Everyone should share stories, prevention plans, and experiences. Always try to learn from any mistakes made. Every employee at your company should be educated on what measures to take to prevent attacks and how to respond. Most attacks come in by someone enabling the attack, from clicking on an email or visiting a website; there is usually an individual who unknowingly allowed the intruder in. Send email reminders on what to avoid and talk about recent breaches.
Passwords, the longer the better.
Require your employees to change their password at least quarterly. Use special characters, capitals and numbers to create strong passwords. They should be cryptic so they cannot be easily guessed. Remind your employees to never leave the password in their top drawer, or under their keyboard.
Implement 2-factor authentication login.
This additional layer of security is also known as “multi-factor authentication.” It requires a username and password along with something only the user has – a keychain token, app. on their smart device, fingerprint, etc. If a hacker is able to get your username and crack your password, they cannot get in without your key token, fob or other device. This is only more effective if your employees do not keep the key token or fob in front of their computer. You may already be using this process with your smart phone device or personal email accounts.
Install Mobile Device Management (MDM) software on your phone.
MDM software provides additional levels of security. Depending on the version you have, additional features are available such as security management, inventory management, Virtual Private Network (VPN), patch and update management. Some MDM software can even alert you if end users are running vulnerable old versions of software. MDM software has dashboards that can alert you of any devices that you did not know had corporate email. In addition, it can also help you create and set up secure policies, compliance rules, and settings, which are usually fully customizable. Lost devices can cause serious problems, but with the help of MDM software, you can locate, lock, and even remotely wipe a lost device.
Avoid downloading “free software.”
Inform your employees that they are not allowed to install unauthorized or unlicensed software on any company owned device. These unlicensed software versions can make your company susceptible to malicious software downloads that can attack your company’s data at any time. These free versions of software usually also install additional third-party add-ons. Free versions usually do not include support or security patches.
Stop pressing snooze on your software updates.
Make sure the software that is installed on your company’s devices is always up to date. Hackers are always looking for vulnerability’s in your networks. Update the security patches right when they come out. Software companies can usually detect a vulnerability and work hard to replace it with a patch immediately. Take advantage of their knowledge and get those updates done!
Knowledge is power. The more you educate your staff about cybersecurity preventative measures and what to look out for, the stronger your security wall will be. Employees should be encouraged and praised when they alert the IT department of any suspicious activity on their devices. Hopefully most alerts are false alarms, as they can usually be safe Windows updates, but in the event, there is an actual attack, the faster you catch it, the less damage that is done.
While these are recommended security measures, always consult an IT professional or refer to your company’s technology policies before making any changes.