By Sarah Goltz
Usherwood’s In-House Cybersecurity Content Manager
As cyber threats increase, many companies are asking themselves the same thing: “Is my cybersecurity good enough?” As a managed service provider, we hear from many of these businesses looking for an answer. To help businesses answer this question without even needing to pick up the phone, we have provided a checklist to help you determine if your cybersecurity is where it should be.
This checklist is an excellent baseline for cybersecurity. If you can confidently say you follow each of these cybersecurity best practices, then you are in a good place. If not, then it may be time to consider making adjustments to your current cybersecurity process.
1. HAVE A C-LEVEL EXECUTIVE DETERMINE STRATEGY AND GOALS
Having a C-level executive communicate why cybersecurity is critical and how it should be approached will ensure the company as a whole can work towards a shared goal of staying secure. If you are outsourcing through a managed service provider, then it is more likely you would have a Virtual Chief Information Officer (vCIO) to communicate with you and help your business understand your IT environment.
A vCIO will work with your business regularly to ensure goals are aligned and each party has a clear understanding of what has or needs to be done. This is very similar to the role you would have your internal C-level executive play.
2. EMPLOYEES EDUCATED ON CYBERSECURITY
You can’t rely on one IT expert to keep your entire business safe from cyber threats. It is essential that your business educates employees to understand the who, what, why, and how of cybersecurity. Some of the most common cyber breaches are ransomware and phishing attacks.
These types of attacks often target the employees in your business through email. For this reason, it is critical employees know how to recognize and avoid these types of cyber threats. Many companies educate their employees by providing regular cybersecurity training.
This ensures they are consistently refreshed on the latest tactics and don’t forget to stay alert. It is essential that employees are educated on what these suspicious emails look like and how they can be avoided. The more knowledgeable your employees are about cyber threats and how to stay safe, the less likely you are to suffer a cyber attack.
3. IMPLEMENT AND UPDATE CYBERSECURITY TOOLS
Your business must be using cybersecurity tools to keep your network safe. With cyber threats becoming increasingly common, having the proper tools in place is the best way to prevent them before it’s too late. Many cybersecurity tools are implemented to help your business detect and avoid cyber threats before they infiltrate your network.
It is also essential that you update any old equipment. As equipment gets older, it loses the ability to support new software updates and firmware. Not having the latest applications on equipment such as computers can make you more prone to cyber attacks.
A cyber threat is much more likely to gain access to an old device with outdated security protocols. For this reason, any equipment or cybersecurity tools should be refreshed regularly. This will help your company avoid the risk of an unexpected cyber attack.
4. STRONG PASSWORDS AND MULTI-FACTOR AUTHENTICATION
Strong passwords are quickly becoming the only way we maintain the privacy and security of our sensitive information. Whether it’s business or your personal life, you exist in a world where almost everything you do is online, stored online, bought online, etc.
As we continue moving towards a virtual world, it is more apparent that most of our personal information lies in our applications and online presence. For this reason, your business must mandate password standards that ensure passwords are secure enough. Employees should also be encouraged to change their passwords regularly to make it harder for hackers to figure them out.
Multi-factor authentication (MFA) is another way to make it more difficult for a hacker to gain access to your business systems. A secure password is a strong foundation but only the beginning. For this reason, it is essential to implement MFA.
MFA requires a second level of verification that must be authorized before you gain access to an account. Examples of this can be a code sent to your phone or email, answering a few questions only you would know the answer to, or facial recognition. MFA ensures that if someone tries to get into your account, you are notified so that you can change your credentials and deny access.
5. PLAN FOR EMERGENCIES
This is commonly referred to as a disaster recovery plan. A disaster recovery plan is a strategic plan that aims to minimize damage and downtime in the event of any network disaster that hits your company.
The goal is to prevent disruption if you experience a breach, ransomware attack, network crash, etc. Whether you call it a disaster recovery plan or something else, you must have some type of strategy in place to mitigate the effects a breach could have on your business if it were to occur.
Having the proper cybersecurity plan in place is critical to maintaining a secure environment for your business. Using these five items as a guide should give you a solid starting point for determining if your cybersecurity is where it should be.