The last week of Cybersecurity Awareness Month focuses on putting Cybersecurity First. That means embedding it into your business plan and making it a part of your operation… not an afterthought.
Many people get excited about the benefits of things like replacing old computers or enabling staff to work from home while ignoring the potential security concerns of making these changes. We want to try to shift that mindset to incorporating security into your business so that it’s ingrained in your operation.
New Device? Secure it Before You Play With It!
We all know the feeling… our phone renewal came up and now we get a shiny new smartphone, with a super sharp camera, crisp screen, fast connection speeds and all the bells and whistles. Once we have it in our hands, we wait eagerly as it boots and sets itself up for the first time. Eventually, we get to that home screen and want to download all our favorite apps and start connecting our accounts. That’s great… but slow down.
Before you start personalizing your device, consider the following:
- Have you made sure that all your important data has transferred?
- Has the old device been wiped?
- Are you sure that you can log into all your accounts on your new device with multi-factor authentication (MFA)?
- What about your work email and the security features you need to have set up?
- Have you changed any default passwords and made sure the device is lockable and trackable?
None of these (and other) steps to properly secure and pivot to a new device are particularly difficult. However, it’s important to be diligent about these measures up front when you get the device.
If you are unsure of how the device works or how to secure it, there’s no better time than during the initial setup to do it right the first time. Just make sure not to procrastinate or avoid the security aspects of your new phone.
Empower Your Staff and Secure Your Office!
Don't assume that your technology is going to do all the security work for you. Build your Human Firewall by teaching your employees to be strong ambassadors of your data integrity.
It’s a huge mistake to assume that your technology is going to do all the security work for you. It’s also true that people are the one weakness you can’t patch and update.
However, as a leader, you can make sure your staff are a security asset more than a liability by empowering them to help protect your business. This doesn’t mean that your staff need to be experts at technology, but they should be aware of basic day-to-day security measures.
Security Awareness Training should occur regularly (along with employee acknowledgement of the training), including an understanding of:
- The nature of the data they create/touch/share every day.
  - What data is sensitive and for what reasons?
  - What does the business need to be compliant with?
- Phishing and social engineering.
  - If someone sends a suspicious email, your team needs to know not to click links or attachments.
- How to report security incidents to your IT support team so they can be handled appropriately.
- Why security exists, especially if some security measures, such as multi-factor authentication, may be considered inconvenient or annoying.
  - People might not like getting text messages for MFA tokens, but getting a few text messages is a small price to pay to avoid account compromise.
As you may be able to tell, these tips are mostly about communicating with your team.
The goal is to create a workforce that operates in the same way and works together. This is something any organization can do to reduce security risks, even if it is lacking in technology or budget.
What Products and Services Do You Use and Why?
Something might be cheap, easy to implement, and (supposedly) solve a problem, but do you know what that product does with the data that feeds into it? You must do your due diligence before investing in security products.
If you went to a hardware store and bought a padlock from a company with a 50% failure rate, would you feel your valuables were well-protected? Of course not! You would never accept that kind of performance from a physical lock, so why should you accept it with your technology products and services?
Does the manufacturer care about its customers enough to make sure they create a reasonably secure device and update it when necessary?
You shouldn’t lose a lot of sleep over buying an Apple MacBook or signing up for an account on Amazon, but there are many products and services from unknown or off-brand companies that cut corners and often fail on the security side.
Even companies that are established sometimes don’t take proper care of our data. So you have to consider if you really even need the product or service you are signing up for.
Every time you trust someone with your data, you are exposing yourself just a little bit. Your data footprint gets bigger, so to speak. This is fine of course…you should use products and services you value, but you should also understand what you are really getting out of it.
At the end of the day, you need to keep your focus on security as a part of your business processes. You should be identifying risk factors to your organization as you make decisions so that when you make changes or move forward, security is incorporated first and not later, when it’s too late.
Cybercriminals are continually inventing new ways to infiltrate and extort an organization’s mission-critical data. We keep up with the latest in cyber-attacks so we can help protect your business. Let us help!