Top 10 Cybersecurity Best Practices for Your Business
Easy Ways to Protect Against Cyber Threats & Make Your Company Stronger & Safer
Get the feeling that every day an organization is apologizing for a sensitive data breach or admitting that they’ve been hacked? It’s not just you. Cyberattacks and cybercrimes are becoming frighteningly common. And it’s not just the massive conglomerates that are suffering data breaches either; attacks on small businesses are on the rise as well, with hackers realizing that small businesses might not have established a robust cybersecurity defense.
Cybersecurity defense company BullGuard estimates that roughly 43 percent of small businesses do not have any kind of cybersecurity defense plan at all. When remote work became the norm during the pandemic, these risks became even greater. A recent White House cybersecurity memo highlighted the importance of being prepared for a cyberattack and outlined cybersecurity best practices.
Joe Giordano, the Cybersecurity Program Director at Touro College Illinois, advises businesses to take simple precautions to protect sensitive data. “It is a good practice to train employees to spot phishing emails, avoid clicking on suspicious web links or email attachments, and to create more secure passwords. Businesses should be mindful of using up-to-date antivirus software, as well as other security measures to guard sensitive information. Just following some simple guidelines can go a long way toward ensuring that an organization is safe and secure from a cybersecurity perspective.”
While there’s no replacing a full-fledged cyber defense team, there are a number of basic common sense cybersecurity techniques that will make you and your company safer.
10 Important Cybersecurity Best Practices
1. Education
It’s much easier to prevent a hack than it is to recover from a hack. Once your company’s sensitive data is stolen through a ransomware attack, recovering it is often a long and arduous process. Teaching employees about basic security, personal cybersecurity, and the prevalence of cyber threats goes a long way in stopping ransomware attacks before they can really do damage. Your employees should understand that they might be targets of malicious actors, eager to exploit any entry they can find in your company.
The average cost of a cyberattack is 3.86 million and the cumulative total for global cybercrime is expected to cost $6 trillion. If you don’t pay to train your employees about cybersecurity best practices—eventually you may end up paying more in the long run. High quality and free trainings for your employees are available from several government resources including Stopthinkconnect and from the Department of Homeland Security.
2. Better Passwords and Multi-Factor Authentication
Think no one will guess that your password is your mother’s maiden name and her birthdate? Think again. Cyberthieves have developed powerful algorithms that can correctly guess difficult passwords in seconds. Traditional password advice suggested using a long password of 12 characters at minimum with a mix of numbers, symbols and capital and lower-case letters.
While this is a good strategy, it isn’t enough and nearly every security professional recommends using two factor or multi-factor authentication. Two factor authentication is a security process which requires two different authentication factors to gain access to programs or resources.
3. Know Your Company
Take advantage of an easy resource: your own knowledge. Think about your company and where hackers are likely to target. Would they be interested in your employee’s personal information, or are they interested in your customer databases or intellectual property? Find the most likely targets and secure them appropriately.
4. Safe and Secure WiFi
It might be a no-brainer for a company to have a secured, encrypted and hidden WiFi network, but with the advent of remote working, it’s important that your employees also safely encrypt their own personal networks. Your employee’s security is also your security. Hacking an employee’s remote network is an easy way to eventually gain access to the company’s mainframe.
5. Backups Backups Backups
Hackers thrive on being able to disrupt an organization’s activities. An offline backup will enable your business to get back on is feet while cybersecurity experts deal with damage and fallout from a cyberattack.
6. Install Anti-Virus Software
Even the best-trained staff occasionally make mistakes. Having anti-virus and anti-malware software installed on computers add an extra layer of protection, especially against phishing attacks— a social engineering attack used to steal data and login credentials.
7. Secure Physical Devices
Just like you lock the doors when you leave your office, company laptops should be secured with passwords or pins. Laptops given to employees who are no longer at the company should be retrieved. Think of every work computer as a possible gate into your company.
8. Update Software and Firmware
The UK’s National Cyber Security Centre estimates that more than 80% of hacks are indirectly caused by outdated software (Centrify). The best anti-virus and anti-malware programs are only as good as their latest patches. Forgetting to install patches will allow hackers to exploit the system’s weaknesses.
9. Be Safe Rather Than Sorry
Email look suspicious? Don’t click on it. Pop-up offering you a good deal? Ditto. The ABC’s of cybersecurity are Always Be Cautious. Double check where emails come from before responding, especially if something sounds off.
10. Have a Plan
As a small or medium-sized business owner, having your own cybersecurity team is a sizeable expense. Luckily, there are a number of free resources that will help you develop a basic cybersecurity plan and give you an idea of what steps to take if you have been hacked. We recommend the cybersecurity risk management plan published by the FCC, as well as the cybersecurity guide published by the Small Business Administration.
An Urgent Need for Cybersecurity Experts
In the coming years, companies need to take cybersecurity seriously and invest in it with adequate resources. Following these 10 cybersecurity and network security best practices is a great place to start. Companies of all sizes need a cybersecurity team, in-house expert, or at least a consultant to monitor network and device security and make sure vulnerabilities are addressed quickly.
If you or your employees are looking to gain cybersecurity skills but don’t have time to enroll in a full degree program, our graduate certificate program is a great alternative. Even if you don’t have much prior knowledge in the field, the Touro College Illinois graduate certificate program in cybersecurity can get you started. Explore our curriculum and features and see if the program is a good fit for your educational and business needs.