As a cyber security professional, I am often asked what a business owner can do to protect their own business. Some of it you can do yourself; the rest is difficult without a dedicated security team. Here are the things you can do yourself.
I’m a strong advocate of using technology in all aspects of business, and with that comes the responsibility of protecting it. Getting the basics right comes first. Here are five actions you can take today to improve your business’s cybersecurity:
- Active users: review the active users and accounts across every system and service you use, and remove old or disabled accounts that are no longer required. Every unused account is a door an attacker can try, and removing them also trims licence and subscription costs.
- Authentication: enforce two-factor or multi-factor authentication (2FA/MFA) through an authenticator application. Avoid SMS-based codes: they can be intercepted or redirected (for example through SIM swapping) and are no longer considered a strong second factor.
- Passwords: disable forced password expiry and instead require longer passwords (at least 20 characters) held in an enterprise password manager, so staff do not have to memorise them. Forced rotation pushes people towards predictable, incremental passwords; length and uniqueness protect far better.
- Endpoint protection: an estimated 91% of corporate breaches start with human error, such as someone opening a malicious attachment or link. Install corporate-grade antivirus and web filtering tools that block infection attempts before they reach the device. User devices must be fully protected, especially when staff work remotely or on personal devices that corporate policy does not cover.
- Update equipment: ask your IT provider when network devices such as firewalls, switches and wireless access points last received firmware updates. They should be updated at least once a month, and immediately when a vulnerability is being actively exploited worldwide.
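The account review and the update-cadence check above are both "find anything older than N days in an export" tasks. The script below is an added example, not part of the original post: it runs over a constructed user export and a constructed device inventory (the CSV columns, the 90-day inactivity threshold and the review date are assumptions) and reports accounts that should be removed and devices whose firmware is overdue against the monthly cadence.

```python
"""Added example (not from the original post): review a constructed user
export and a constructed network-device inventory, flagging stale or
disabled accounts and devices whose firmware update is overdue."""
import csv
import io
from datetime import date, datetime

# Fixed review date so the report is reproducible; use date.today() in practice.
TODAY = date(2024, 6, 1)
STALE_ACCOUNT_DAYS = 90      # assumption: inactivity threshold for accounts
FIRMWARE_MAX_AGE_DAYS = 30   # the post's "once per month" cadence

# Constructed sample export; columns mimic a typical identity-provider CSV.
USERS_CSV = """\
user,enabled,last_sign_in
alice@example.com,true,2024-05-30
bob@example.com,true,2023-11-02
carol@example.com,false,2024-01-15
dave@example.com,true,
svc-backup@example.com,true,2024-05-28
"""

# Constructed device inventory; an empty date means no record of an update.
DEVICES_CSV = """\
device,type,last_firmware_update
fw-edge-01,firewall,2024-05-20
sw-core-01,switch,2024-03-01
ap-floor2,wireless_ap,
"""


def age_days(iso_date, today=TODAY):
    """Days since an ISO date string, or None when the field is empty."""
    if not iso_date:
        return None
    return (today - datetime.strptime(iso_date, "%Y-%m-%d").date()).days


def stale_accounts(csv_text, today=TODAY, max_idle=STALE_ACCOUNT_DAYS):
    """Return {user: reason} for accounts that should be removed or reviewed."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        if row["enabled"].strip().lower() != "true":
            findings[user] = "disabled account still present"
            continue
        idle = age_days(row["last_sign_in"], today)
        if idle is None:
            findings[user] = "never signed in"
        elif idle > max_idle:
            findings[user] = f"inactive for {idle} days"
    return findings


def overdue_devices(csv_text, today=TODAY, max_age=FIRMWARE_MAX_AGE_DAYS):
    """Return {device: reason} for devices outside the patch cadence."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        age = age_days(row["last_firmware_update"], today)
        if age is None:
            findings[row["device"]] = "no update record"
        elif age > max_age:
            findings[row["device"]] = f"firmware {age} days old"
    return findings


if __name__ == "__main__":
    for user, reason in stale_accounts(USERS_CSV).items():
        print(f"ACCOUNT  {user}: {reason}")
    for device, reason in overdue_devices(DEVICES_CSV).items():
        print(f"DEVICE   {device}: {reason}")
```

Two details matter in practice: a disabled account is flagged even if it signed in recently, because the post's advice is to remove it, not merely disable it; and a missing date is treated as a finding rather than skipped, since "no record" is exactly the case that hides forgotten service accounts and unmanaged access points.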
The more difficult items are those that need specific care and focus, and probably a firm such as Buchanan Technology to further protect your business; in other words, cyber professionals supporting you. You also need proactive monitoring in place, usually through an external vendor. Those items are:
- Data encryption: ensure that all sensitive data is encrypted both in transit and at rest. That means protocols such as TLS for data moving over networks, and full-disk encryption on storage devices so a lost or stolen laptop does not become a data breach.
- Access controls: implement strict access controls to limit who can reach sensitive information. Use role-based access control (RBAC) to grant permissions according to job role, and review access rights regularly so that leavers and people who have changed role do not keep permissions they no longer need.
- Incident response plan: develop and maintain an incident response plan so that a breach can be addressed and contained quickly. It should cover identifying, containing, eradicating and recovering from incidents, plus communication protocols for notifying stakeholders, and it should be tested before it is needed.
- Device management: utilise a mobile device management (MDM) solution to enforce security policies on every device used for work. This includes ensuring devices are encrypted, run up-to-date endpoint protection, and can be remotely wiped if lost or stolen.
- User awareness training: run regular cybersecurity training for all employees to raise awareness of common threats such as phishing and social engineering. Teach staff how to recognise and report suspicious activity so that human error is less likely to turn into a breach.
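The RBAC item above has two halves: a deny-by-default permission check, and the periodic review of who holds what. The following is an added example, not the original post's code or any particular product's API: the roles, departments, users and activity log are all constructed. It flags two things a review should catch, a role that does not belong to the user's current job function (someone who moved teams and kept their old access) and permissions that were granted but never exercised in the review period, which are candidates for removal under least privilege.

```python
"""Added example (not from the original post): a deny-by-default RBAC
check plus an access review that flags role assignments outside a user's
job function and permissions never exercised in the review period."""
from collections import defaultdict

# Assumed role model; a real deployment uses the application's or IdP's own roles.
ROLE_PERMISSIONS = {
    "finance-user": {"invoices:read", "invoices:create"},
    "finance-admin": {"invoices:read", "invoices:create", "invoices:approve", "bank:export"},
    "hr-user": {"employees:read"},
    "it-admin": {"users:manage", "devices:wipe"},
}

# Roles each department is expected to hold (constructed).
DEPARTMENT_ROLES = {
    "finance": {"finance-user", "finance-admin"},
    "hr": {"hr-user"},
    "it": {"it-admin"},
}

# Constructed user directory. Bob moved from finance to HR and kept his old role.
USERS = {
    "alice": {"department": "finance", "roles": {"finance-user"}},
    "bob": {"department": "hr", "roles": {"hr-user", "finance-admin"}},
    "carol": {"department": "it", "roles": {"it-admin"}},
}

# Constructed audit log: (user, permission) pairs actually exercised this period.
ACTIVITY_LOG = [
    ("alice", "invoices:read"), ("alice", "invoices:create"),
    ("bob", "employees:read"),
    ("carol", "users:manage"),
]


def permissions_for(user, users=USERS):
    """Union of the permissions granted by all of a user's roles."""
    perms = set()
    for role in users[user]["roles"]:
        perms |= ROLE_PERMISSIONS.get(role, set())  # unmapped role grants nothing
    return perms


def is_allowed(user, permission, users=USERS):
    """Deny by default: unknown users and unmapped roles are refused."""
    return user in users and permission in permissions_for(user, users)


def access_review(users=USERS, log=ACTIVITY_LOG):
    """Return {user: [findings]} for users whose access should be revisited."""
    used = defaultdict(set)
    for user, perm in log:
        used[user].add(perm)
    findings = defaultdict(list)
    for user, info in users.items():
        expected = DEPARTMENT_ROLES.get(info["department"], set())
        for role in sorted(info["roles"] - expected):
            findings[user].append(f"role {role} not expected for {info['department']}")
        for perm in sorted(permissions_for(user, users) - used[user]):
            findings[user].append(f"permission {perm} unused in review period")
    return dict(findings)


if __name__ == "__main__":
    print("bob may approve invoices:", is_allowed("bob", "invoices:approve"))
    for user, items in access_review().items():
        for item in items:
            print(f"REVIEW  {user}: {item}")
```

Note that the check itself stays simple and deny-by-default; the work of keeping access "up-to-date" is done by the review, which compares what people hold against both what their role should grant and what they actually use. A permission that is never exercised is not proof it should go, but it is the right question to put to the manager who signs off the review.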