What do customers want first and foremost? A business they can trust.
But if the recent cybersecurity landscape is any indication, becoming that business is getting harder every day. Hackers hold company servers and networks hostage with ransomware. Spying and eavesdropping compromise customers’ personal details.
When hackers and cybercriminals attack, their exploits make it to the news only if the target was a large government arm or a multinational company.
However, don’t think that small businesses are out of the woods. Verizon’s 2017 Data Breach Investigations Report found that over 61% of all data breaches happened in businesses with fewer than 1,000 employees: small businesses, in simpler terms.
Don’t let your business become a victim. This brief guide will show you simple yet effective strategies for safeguarding your company’s and customers’ information.
The Three Pillars Of A Rock-Solid Workplace Cybersecurity
Before we look into actual tactics, you will want to build an office environment that safeguards customer data and promotes excellent security hygiene. Here are the three building blocks of a security-oriented workplace:
A Well-Equipped And Trained Workforce
Even the best digital security tools can’t provide 100% protection against attacks, unless the entire team commits to safeguarding vital customer information.
You want to adopt a strong data security policy and guide employees on how to keep systems secure. For starters, you want to train your people on spotting malicious emails. Moreover, you also want to have a clear process for reporting unusual emails and suspicious attachments to the IT department.
Your company’s data security policy should also include password usage.
In particular, educate employees on the don’ts when creating passwords. The list of no-nos includes birthdays, SSNs, phone numbers, and words and phrases found in dictionaries.
And, please, don’t use “Password1.”
Yes, the passphrase complies with most requirements. It has more than 8 characters, a capital letter, and a number. But guessing it is a cinch for hackers. Sadly, “Password1” is the most common passphrase for business users, says Trustwave’s Global Security Report.
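The gap between "complies with the requirements" and "hard to guess" can be shown in code. The following is an added example, not part of the original article: a composition-only check accepts “Password1”, while a screen that strips predictable suffixes, undoes common substitutions, and looks for the personal data listed above rejects it. The word list, patterns (US formats), and function names are constructed for illustration.

```python
import re

# Constructed sample deny-list; a production list would hold breached passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "company"}
# Undo common character substitutions before the dictionary comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
# Personal data the article lists as off-limits (US formats, an assumption).
PERSONAL_PATTERNS = {
    "looks like an SSN": re.compile(r"\d{3}-?\d{2}-?\d{4}"),
    "looks like a phone number": re.compile(r"\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}"),
    "looks like a date": re.compile(r"(\d{1,2}[/.-]?){2}(19|20)\d{2}"),
}


def meets_composition_rules(pw):
    """Typical complexity policy: 8+ characters, a capital letter, a number."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def screen_password(pw):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    reasons = []
    if not meets_composition_rules(pw):
        reasons.append("fails composition rules")
    # Drop trailing digits and symbols ("Password1" -> "password").
    core = re.sub(r"[\d\W_]+$", "", pw.lower())
    if core in COMMON_WORDS or core.translate(LEET) in COMMON_WORDS:
        reasons.append("dictionary word with a predictable suffix")
    for reason, pattern in PERSONAL_PATTERNS.items():
        if pattern.search(pw):
            reasons.append(reason)
    return reasons


if __name__ == "__main__":
    for candidate in ["Password1", "P@ssw0rd1", "Jane07041985",
                      "123-45-6789", "plum-Rocket7-staple-Fern"]:
        print(candidate, "->", screen_password(candidate) or "accepted")
```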
Staying Up-To-Date With Trends And Threats
Keeping track of the ups and downs in the cybersecurity landscape is essential for maintaining the integrity of your systems and for not falling victim to newly disclosed vulnerabilities.
You have a lot of resources at your disposal. To start, check out the CERT/CC for the latest vulnerability reports on the most popular office software and tools. Their searchable database lets you browse updates based on their publishing date or severity.
Reddit’s security news subreddit (r/netsec) pools security-related news topics from users of different skill levels. The subreddit also uses a voting mechanism which brings the most important stories and alerts to the top of the page.
And of course, you can also follow pros.
Certain security professionals, like Brian Krebs and Bruce Schneier, deliver news with their unique take on the matter. In their blogs, you will also find security basics and in-depth guides that everyone in the office can benefit from.
A Firm Grasp On The Best Practices
And to complete our list of pillars of rock-solid cybersecurity:
You also need to have a firm grip on the best practices.
Make no mistake, covering everything in one post is impossible. Not to mention cybersecurity is a highly technical field. On the other hand, you can bolster your organization’s data security by leaps and bounds in only a few steps.
The following section will look at those crucial steps, so read on!
5 Steps To A Tighter Data Security And Happier Customers
An overall customer data security strategy, which involves everyone in the company, will beat any single tactic or technique.
However, forming a strategy takes time. You will need to carry out a sitewide audit of software and hardware, train employees, and sit down with the IT team. Meanwhile, your business’ data is in desperate need of better protection.
Don’t let perfect get in the way of better. While you’re mapping out a complete data security strategy, following the steps below will bolster your organization’s resilience against cyber attacks.
Adopt Multiple Layers Of Authentication
Go for two-factor authentication (2FA) whenever possible.
When you use 2FA, the system requires the user to input more than the username and password to gain access. Some may need a piece of info only the user knows, or a hardware token. Others may require a one-time passcode sent via SMS.
Bottom line:
Two-factor authentication adds an extra layer of security.
When combined with good security habits and strong passwords, two-factor authentication helps ensure that only the intended user gains access to an account, service, or dataset.
Filter What Goes In And Out Of The Network
Malicious software, or malware for short, is designed to sneak into a computer to wreak havoc. If the infected machine belongs to a network, the malware will spread to other networked devices.
The list of malware includes viruses, worms, trojans, spyware, ransomware, and plenty more. Worse, their creators are sneaky, disguising infected emails to make them look like they came from a friend or a legit website. The cover-up can trip even the most cautious employee.
So your best bet:
Filter what goes in and out of the network using software and hardware.
A reliable internet security suite with anti-malware lets you scan the network for harmful software, remove or quarantine infected files, and prevent infections.
A combination of hardware and software firewalls, on the other hand, delivers strong endpoint, network, and email protection – blocking suspicious file types and exploit kits before they do harm.
You will also want to regulate the use of removable storage devices to prevent leakage of customers’ personal information and other confidential business data.
Encrypt The Entire Network
Encryption turns stolen company data into useless gibberish, known as ciphertext. Anyone attempting to read encrypted files needs the decryption key to transform the smorgasbord of characters, letters, and numbers back into readable files.
AES, or Advanced Encryption Standard, is the most popular encryption algorithm in use today. Even the United States government uses it, alongside large enterprises like Google, Apple, and Amazon.
You may not be a multinational company, but you can take advantage of encryption nonetheless!
Office desktops and laptops can use full-disk encryption using BitLocker (for Windows) and FileVault (for Mac). These solutions are built into the operating system, and they’re free and easy to use. If you issue phones to employees, know that most Android smartphones have encryption turned on by default, while iPhones can encrypt their data via the settings.
You can encrypt even your company’s internet connection and removable storage devices, making sure outsiders and eavesdroppers don’t get their hands on juicy details.
Patch Applications And Operating Systems
The attack on Equifax earlier this year compromised the personal details of over 143 million consumers, while exposing the credit card data of over 200,000 consumers. All because of an application vulnerability.
The lesson:
Always make sure applications and operating systems are secure.
Use a patch assessment tool to make sure the software you use is up to date, patched with the latest security updates from the developers. Most exploits happen because an already available patch for a vulnerability wasn’t deployed fast enough.
Be sure to look at the devices you use when assessing software vulnerabilities.
Take multifunction printers, for example. These machines do more than print: they also have their own OS, remote monitoring features, and offsite printing capabilities. While they sound nice, the same features can turn into security liabilities when not updated.
Note, too:
The more applications you use, the more vulnerabilities your system may have.
Keep track of your applications, keeping a close eye on software that weakens your network’s security without adding any significant benefit to your business.
Dispose Of Data Properly
Deleted data is recoverable. A hard drive may look like a melted piece of slag. But experts can recover 99% of its data with the right skills and tools, like in this example.
You could be leaking out sensitive documents, trade secrets, and financial information by tossing old hard drives and storage devices into the bin. So when disposing of PCs and PC-related tech, always remember the Gutmann method.
The Gutmann method is an algorithm developed by Peter Gutmann and Colin Plumb for securely wiping out the contents of a computer. At the core of the algorithm is the process of overwriting the hard drive 35 times.
Tedious for sure. Fortunately, you can find advanced deletion software and file shredders which employ the technique along with others.
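To show what those 35 overwrites consist of, here is an added example (not from the original article or from any particular shredder product) that builds the Gutmann pass schedule and applies it to a single file in place. It assumes a filesystem that really overwrites blocks in place; on SSDs and on journaling or copy-on-write filesystems that is not assured, so whole-drive disposal should rely on the drive's own secure-erase function or physical destruction. Function names are illustrative.

```python
import os


def gutmann_passes():
    """Return the 35-pass schedule: None is a random pass, bytes a pattern."""
    triples = [b"\x92\x49\x24", b"\x49\x24\x92", b"\x24\x92\x49"]
    fixed = [b"\x55", b"\xAA"] + triples
    fixed += [bytes([n * 0x11]) for n in range(16)]   # 0x00, 0x11, ... 0xFF
    fixed += triples + [b"\x6D\xB6\xDB", b"\xB6\xDB\x6D", b"\xDB\x6D\xB6"]
    return [None] * 4 + fixed + [None] * 4            # 4 + 27 + 4 = 35


def overwrite_file(path, passes=None, chunk=1 << 20):
    """Overwrite path in place once per pass; return the number of passes."""
    passes = gutmann_passes() if passes is None else passes
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            written = 0
            while written < size:
                n = min(chunk, size - written)
                if pattern is None:
                    block = os.urandom(n)
                else:
                    # Keep the pattern's phase continuous across chunks.
                    start = written % len(pattern)
                    reps = n // len(pattern) + 2
                    block = (pattern * reps)[start:start + n]
                f.write(block)
                written += n
            # Push this pass to the device before starting the next one.
            f.flush()
            os.fsync(f.fileno())
    return len(passes)


if __name__ == "__main__":
    import tempfile
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"constructed sample record\n" * 64)
    os.close(fd)
    print("passes applied:", overwrite_file(sample))
    os.remove(sample)   # unlink only after the contents are overwritten
```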
On the other hand, paper trash may also contain classified information. So be careful in disposing of physical waste, too. Use a reliable paper shredder that complies with the standards of the industry you’re in (ex: PCI DSS for payment card processing or HIPAA for healthcare).