Question: What are some steps we can take to protect our business, employees, and customers from the threat of hackers and data breaches?
Answer: Cybersecurity is a serious and integral part of any computerized workplace and requires your attention to prevent breaches. To best protect your business, employees, and customers, take the following steps to ensure cyber security at all levels of your business:
- Start with ensuring that your IT professionals responsible for building and securing your information networks have the capabilities and resources for assessing and managing your IT risk and security needs. This should include, at a minimum, identifying and protecting the proprietary data that could be potentially at risk with a secure, hidden, encrypted Wi-Fi network, password protections and firewalls to prevent hackers from accessing sensitive data.
- Create concise workplace policies that detail cybersecurity, how to handle breaches, and penalties for violations. Train all employees on what they can do to prevent these breaches and regularly review security policies with everyone on the team.
- Require the use of unique passwords (numbers, letters, and symbols), and require passwords be updated every three months. If sensitive data is a normal part of the business, implement multifactor authentication, which requires more than just a password to gain entry.
- Limit employee access to protected and proprietary data, and limit the ability to install outside programs on laptops and devices used for work purposes. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
- Limit physical access to workplace computers and require each employee to have a unique user account. Laptops can also be locked in a secure location when not being used, with only IT staff and key personnel having administrative privileges.
- Keep computers up to date with the most current security software, web browsers, and operating systems. An additional protection is to set antivirus software to scan after each update. Key software updates should also be regularly installed.
- Backup business data and information on all computers. Backups can be set automatically or on at least a weekly basis.
- Make sure to use the most trustworthy and authenticated tools and anti-fraud services when working with banks, credit cards, or sensitive or personal information. For extra security, separate payment systems from other workplace systems and not use the same computer to process payments as used to search the Internet.
- Where mobile devices are issued to employees, make sure each device requires password protections and utilizes data encryption, and security applications are installed in case the device is used on a public network.
- Ensure that your overall risk exposures are appropriately insured.
- Technology changes rapidly. Continually educate and train your team on all cybersecurity policies and keep them up to date when workplace policies are updated.
With the right planning, attention to detail, and safety measures implemented, your business can limit exposure to outside attacks from cyber thieves and even thrive in this new era of technology and safety unknowns.