It’s no secret… most small to medium-sized businesses don’t have a very elaborate cyber-security strategy. They might have a few areas covered, maybe a handful of items listed in the very back of the employee handbook, and probably a decent anti-virus solution installed to protect their workstations. But that’s where things end, and since that isn’t very far, it’s not a good sign.
So if you’re going to make strides to improve your cyber-security strategy this year (which you probably should), here are three critical areas you should consider.
The human element… this will always be your greatest security weakness. And this is because humans aren’t perfect. We mess up. We make mistakes. We do things we shouldn’t. That’s just how the cookie crumbles. However, with just a little training, the majority of these mistakes can be avoided or, at the very least, minimized.
Your employees should be trained on social engineering. They should be educated on prevalent cyber-threats. And they should know the ins and outs of things like password creation, phishing, and malicious ads. With minimal training in these areas, your business can avoid most security threats.
If you want to keep your network and all the accounts that fall inside it secure, then you need to have good, strong credentials to back them up. But you can’t just expect this to happen naturally – because it won’t. It’s just way too easy to create bad passwords… so unless there’s something set in place that tells people how to create their passwords, people will more than likely create passwords that are easy-to-crack.
To make sure this doesn’t happen, you must create, implement, and follow a solid password policy. This policy should cover topics like when to create new credentials, how long your passwords should be, and whether or not they should incorporate capital letters, symbols, and numbers.
Modern companies are mobile-friendly companies. Employees work on-the-go using the devices they’re most comfortable with – like laptops, tablets, and smartphones. While this behavior can improve productivity and maximize opportunities, it can also increase your odds of suffering from a data breach.
Unfortunately, though, it can be hard to enforce a policy that says, “You are not allowed to lose your mobile devices.” Because of this, you need to incorporate features like remote wiping, phone-finding software, and mandatory security patching into your Bring Your Own Device (BYOD) policy. And you should encourage people not to connect to public Wi-Fi, to never share devices, and to keep their devices locked with a strong passcode.
Do you have a plan in place for upgrading your security strategy? If you’re not sure where to start, then give us a call. Our team of security experts has kept local businesses safe from both internal and external security threats, and would love the opportunity to do the same for your business.