As we approach the new year it is traditional to make our New Year’s Resolutions. Unfortunately, most resolutions are made but not kept, so I am a little reluctant to offer these ideas for improving your cybersecurity in the coming year. But if you have not climbed on the cybersecurity bandwagon yet, you are definitely overdue. Pick a few of these ideas to implement in your business.
Here they are:
- Stay informed about the changing threat landscape.
- Create or update your computer usage policy to include cybersecurity issues.
- Create an incident response plan so you know what to do when your business is breached.
- Learn to confirm. When you get an email requesting payment, funds transfer, or company information, pick up the phone to confirm the content with the sender.
- Watch for phish. Never click on a link in an email or open an attachment without confirming the source is authentic.
- Update your hardware, operating systems, web browsers, software applications, and security software. Patched systems are the most secure.
- Create and enforce password policies. Passwords should be longer than 10 characters, complex, and changed at intervals.
- Using a password manager program makes this easier for most users.
- Use two-factor or multi-factor authentication.
- Only supply secure wireless. Even Guest networks should require a passphrase to ensure that all wireless traffic is encrypted, and to prevent parking lot logins by cyber criminals.
- Use Chromebooks for online banking and financial transactions, and anywhere else you can. These systems do not accept installation of software programs (or malware) of any sort and are the most secure platform available.
- Use background checks for all new hires.
- Train your staff in cybersecurity, and make cybersecurity part of the corporate culture.
- Reward cybersecurity alertness by your staff; make it fun with awards and contests. Get strict with policy breakers.
- Use the exit interview to recover company assets and logins when people leave your company. Turn off network access for all personnel leaving your employment for any reason.
- Audit the cybersecurity standards of any vendor company that has permission to connect to your network.
- Encrypt everywhere. Use encryption over networks by using HTTPS or VPN connections. Use full disk encryption for laptops, and full-disk or file encryption for stored information and databases.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com