While keeping New Year’s resolutions can prove to be challenging, there is one resolution worth focusing on, and that is improving your organization’s cybersecurity.
The new year is a perfect time to clear out the clutter in your company’s digital house and start new habits that will protect your business data and information. Cyberthreats are ever-present, and criminals adjust to new security protocols, which means that constant vigilance is necessary.
Here are some steps you can take in your resolve to be cyber-safe in 2023.
Improve your passwords by creating ones that are unique and strong. Don’t reuse official business-account passwords or individual staff passwords across multiple sites and software programs. And never use the same password for personal and business purposes. If there’s a breach at one, your other accounts become vulnerable. By “unique,” we’re talking about the dictionary definition of the word — meaning, one and only, not the more relaxed definition of “unusual.” In addition to being unique, passwords should be strong, using a mix of UPPER-CASE and lower-case letters, numbers, and characters.
Be critical of links. One area in which cybercriminals have become adept is phishing emails — they are everywhere, becoming more sophisticated, and targeting individual employees. Remind your team to exercise caution when clicking links in emails and examine them carefully. Does the tone of the email sound off? Be particularly attentive to any communications saying they are from a banking institution or accounts-payable vendor. Your bank will never ask you to disclose information, such as your account information or passwords. If something seems suspect, make sure your employees know to notify you immediately, so that you can report it to your financial institution.
Enable multi-factor authentication (MFA) wherever and whenever possible. MFA is one of the best available tools to prevent fraud and protect your accounts — when it’s used properly. By setting up MFA on your organization’s accounts, you add an extra layer of protection against unauthorized access. When you log in, the account sends an additional code, typically to your cell phone or your employee’s cell phone. You enter this code when prompted, and the login isn’t completed until the code is verified. This means that code is the key to accessing your organization’s accounts, so it’s critical that your employees know that they must never provide it to anyone — and no one from your financial institution will ever ask you to provide this code to them over the phone. If you receive a code that you didn’t initiate by logging in, or if you receive a phone call from someone requesting your MFA code, these are warning signs that someone is attempting an unauthorized login, and you should change your password.
Work improved security into your everyday activities. This step might require a change in your organization’s normal routine, and as a habit change, the key is being consistent about the changes so that they stick. At work, when employees leave their desks, make sure they know to lock their computer workstations. Do the same with other electronic devices, such as smartphones and tablets. Don’t leave papers with account numbers out where they can be accessed, at work or at home. Protect paperwork with sensitive data — anything with a Social Security number, a bank account number, or login details should be tucked away, out of sight and secured. This includes making sure confidential information is not visible in the background during video calls. Invest in a shredder for your office as well as for home use — or if sensitive paperwork has piled up, check with your financial institution to see if it sponsors safe shredding events.
Being aware of the changing face of cybersecurity threats is only half the battle. All of us need to take steps to stay ahead of online threats at work and at home. By implementing these new habits in your organization and in your personal life, you can begin the year with more-secure accounts and reduce the risk of becoming a victim of cybercrime.
Terra Carnrike-Granata is senior VP and senior director of information security at NBT Bank, where she designs and implements sophisticated controls to prevent loss and mitigate risk, while also developing innovative ways to educate consumers and businesses on cyberthreats.