Are you worried about your organization’s exposure to digital risks? What about your personal exposure?
If you’re not, you should be, even if you feel you have a good handle on the basic principles of cyber security. That’s because digital threats abound. They’re all around us, whether we like it or not.
Take the ransomware attack that temporarily disrupted fuel supplies to the eastern United States. Or the third-party intrusions that resulted in massive data breaches at Target and Home Depot. Or the unauthorized data release that spewed millions of personal and corporate records held by international fiduciaries like Asiaciti Trust and a number of global law firms as well.
You’re not immune to these risks. But you can take measures to protect yourself before you become a victim. Let’s take a look at six things your firm and its security vendors can do right now to shore up your cyber security.
1. Restrict Who Can Access Sensitive Information
Less access isn’t always “better.” Your employees and contractors do need to be able to view and edit the data they need to do their jobs. Technical team members need access to backends, applications, and other sensitive areas of your digital footprint, as well.
But these individuals should only have access to the systems and data that are absolutely necessary for their job functions. They shouldn’t have more access than needed simply “because.” That’s a recipe for unauthorized data releases and makes it more difficult to determine who’s at fault for them.
2. Implement Strict Email Security Protocols
Email is inherently insecure. There’s a good reason you know not to send sensitive data like account numbers or passwords over unencrypted email. You don’t know who’s lurking out there, watching what you send.
As careful as you are to watch what you say in unencrypted emails, you can’t control what your employees and contractors do with emails they receive themselves. But you can clarify the consequences of carelessness with strict email security protocols warning against clicking links in emails, opening emails from unknown senders, and downloading any suspicious attachments.
3. Enable Two-Factor Authentication Whenever Possible
Two-factor authentication (2FA) makes it much harder for attackers to gain unauthorized access to password-protected accounts. Not impossible, of course, but harder.
Enable it for any company account that allows it; most enterprise software does at this point. If a particular system or process doesn’t yet use 2FA, look for an alternative, as the status quo leaves you vulnerable to compromise.
4. Use Non-Invasive Employee Monitoring Tools
Remote employee monitoring is not necessarily invasive, at least not if you use the proper tools. And you should use the proper tools, especially in a tight labor market: nothing saps employee morale faster than the knowledge that their every keystroke is logged.
Look for tools that monitor “uptime” or “active time,” rather than the content of employee activities. Reserve more invasive methods for monitoring sensitive areas of your digital footprint, which should record login attempts and data transmissions anyway.
Look for unusual patterns of activity, such as employee accounts active during the wee hours of the morning. These patterns can be suggestive of malicious insider activity.
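As an added illustration of the pattern described above (example code, not from the original article), the script below scans a few constructed authentication log lines in a hypothetical format and groups off-hours activity by account; the 07:00-20:00 weekday working window and the log format are assumptions.

```python
import re
from datetime import datetime

# Constructed sample log lines in a hypothetical format:
# <ISO timestamp> <user> <action> <detail> <source IP>
SAMPLE_LOG = """\
2023-03-01T09:12:44 alice login ok 10.0.1.15
2023-03-01T13:40:02 bob login ok 10.0.1.22
2023-03-01T17:58:10 alice logout ok 10.0.1.15
2023-03-02T03:17:51 bob login ok 10.0.1.22
2023-03-02T03:25:09 bob download 412MB 10.0.1.22
2023-03-02T10:05:33 carol login ok 10.0.1.31
2023-03-03T02:48:00 alice login fail 203.0.113.9
2023-03-04T11:00:00 carol login ok 10.0.1.31
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<action>\S+) (?P<detail>\S+) (?P<src>\S+)$"
)

def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than fatal."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        event = match.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events

def is_off_hours(ts, start_hour=7, end_hour=20):
    """True outside the assumed working window (07:00-20:00) or on a weekend."""
    return ts.weekday() >= 5 or not (start_hour <= ts.hour < end_hour)

def find_off_hours_activity(events, start_hour=7, end_hour=20):
    """Group off-hours events by account so a burst from one user stands out."""
    flagged = {}
    for event in events:
        if is_off_hours(event["ts"], start_hour, end_hour):
            flagged.setdefault(event["user"], []).append(event)
    return flagged

if __name__ == "__main__":
    for user, events in find_off_hours_activity(parse_log(SAMPLE_LOG)).items():
        times = ", ".join(e["ts"].strftime("%a %H:%M") + " " + e["action"] for e in events)
        print(f"{user}: {len(events)} off-hours event(s): {times}")
```

A single off-hours login is usually benign; the grouping is what makes a sequence like a 3 a.m. login followed by a large download from the same account stand out for review.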
5. Back Up Important Data Frequently
The best way to protect against data loss is to minimize the amount of data you can lose. Not by deleting files every day, of course, but by backing them up in multiple secure locations — both in the cloud and on physical storage media housed away from prying eyes.
The best practice is to back up data at least once daily, but twice a day is better. You never know when a ransomware attack will strike, after all.
6. Use Encrypted Email and File Sharing for Sensitive Documents
We’ve already explored the inherent insecurity of conventional email. The alternatives: encrypted email and direct file-sharing services. They’re free or cheap — though enterprises typically have to pay more per seat — and can support large file sizes. For really big transfers, you might need to use a thumb drive, but 95% of your data sharing needs can occur in the encrypted cloud.
Leave No Digital Stone Unturned
Shoring up your organization’s cyber security is not a “one and done” activity. It’s not even an occasional task that you can delegate to one or two people within your organization.
No. It’s a systemwide campaign that never really ends. Sure, a lot of the items on this list qualify as low-hanging fruit, where simple fixes can markedly improve preparedness. But even those fixes require constant attention.
If you’re not already doing so, it’s time to take your organization’s digital security seriously. It’s time to leave no stone unturned in your effort to ward off the bad guys.