It’s a good question. A recent survey showed only 50% of U.S. businesses have a cybersecurity plan. So that is why we are working to tell the world we need to do something different.
As we wrap up Cybersecurity Awareness Month, it’s a good time to create or review your plan, especially as your business’s operations — payroll, invoicing, content and data management — have moved online.
Most companies have a fire prevention plan that adheres to fire code and includes installing fire alarms, sprinklers and extinguishers. You need a similar multi-faceted strategy for your network security.
Focus on prevention and treatment such as:
- User Awareness & Phishing Training: Social engineering and phishing attacks have caused $43.31 billion in losses globally since June 2016. Teach your staff to spot these email-based attacks by using phishing awareness training to boost their confidence when handling suspicious emails. IT security tools are essential to reduce your risk, but user awareness is key since users are the easiest target for phishing campaigns.
- Multi-Factor Authentication: MFA uses two or more identifying factors to prevent malicious access to your network. Passwords, external multi-factor authentication devices (such as a YubiKey) and fingerprint scans are common factors.
- Password Management & Policies: Manage passwords and procedures at your company. The National Institute of Standards and Technology (NIST) best practices are: 12-15 characters minimum; use phrases; don’t require special characters or frequent password resets; monitor employee passwords on the dark web; and use multi-factor authentication and a password manager.
- Cyber Insurance: Cyber liability insurance providers check for MFA measures, which prevent 99.9% of cybercrimes. (In addition, 94% of ransomware victims didn’t use MFA.) Once your data is breached, criminals will resell it, so buy the insurance (and meet all their security-based requirements) but do NOT skip the MFA. Your insurance company will provide structure to your plan.
- Endpoint Detection & Response (EDR) with Antivirus: EDR with advanced AI allows you to actively monitor, log and identify active threats. You can monitor it in-house or upgrade and use our managed service. Advanced AI actively prevents incursion.
- Disaster Recovery Planning: Identify the mission-critical components of your system after assigning a team to own and execute your disaster recovery plan. A friendly name for this is your “business continuity plan.”
Beth Tinsman is the founder and CEO of Twin State Technical Services, Davenport. She can be reached at (563) 441-1504 or www.tsts.com/contact.