There are multiple cybersecurity products out there, and so many terms thrown about, it is easy to feel confused about protecting yourself and your business from cybercrime. Before spending a great deal of time and money figuring out a new solution, do yourself a favor by making sure your current solution is up to date.
There are two aspects of cybersecurity that must be current: the products and the people.
Current Cybersecurity Products
There are obvious and not so obvious forms of cybersecurity in place these days. Email filters, firewalls, and virus/malware scans are some of the obvious. However, software patches, firmware updates, and current versions of applications also regularly include enhanced security protocols.
Make sure everything you use is current. And not just the security applications and operating systems, everything. Only use versions of applications currently supported by the software developer. Of course, you want to check the desktops, laptops, and servers; however, your firewalls, routers, switches, and office equipment (such as copiers, scanners, and printers) that talk to other office equipment also need regular updating.
How embarrassed would you be if your company got hacked through the office copier? If it is on a network, someone can hack it.
Current Cybersecurity Knowledge
The most important form of cybersecurity is informed personnel. When someone new comes on board, make sure to train them in your security protocols. That means that your security protocols need clear documentation that you and your team review and update regularly.
That documentation needs to cover:
- what the organization has in place
- what’s allowed and not allowed in terms of internet access
- what to look out for
- what to do with suspicious emails, errors, or other communications
- What to do if there is a security breach
Have regular company update trainings to keep everyone current on the latest scams and measures to prevent them.
Other People Factors
While knowledge is key, passwords are critical. Make sure your business has a solid policy for regularly updating and securing passwords. Enable multi-factor authentication everywhere you can. Secure passwords and multi-factor authentication are no longer optional with today’s sophisticated cybercrime.
Finally, make sure to back up your data regularly, both on- and off-site. Applications perform backups, but people execute the process. An easy policy and user-friendly applications are vital to a successful backup regimen. Having a backup solution that is inaccessible by cybercriminals is essential. (Note: Having an external hard drive used for data backups is only a good idea if you disconnect the drive from your computer once the backup is complete.)
Good data management is more than just seeing that the backup application is doing something – test it! Can you retrieve that vital client document from six months ago? Better yet, can you retrieve that document from the backup kept in an off-site location? If you don’t have any backups stored off-site, implement the practice at least monthly. How often should you generate backups? That depends on your business; for example, daily backups for a tax preparer during tax season is an excellent idea – maybe not so often from May to January.
Next Steps
If everything is current yet you do not feel safe from cybercrime, then think about stepping up your cybersecurity game. Most small businesses do not have a full-time IT department that watches these things, so using an outsourced IT provider like Cantrell’s IT may be a good way to go.
If you have any questions, about your current system (or lack of system) contact Cantrell’s IT and let us help.