It’s easy to think that digital security begins and ends with the IT department, but if that’s how your business operates, you’re likely going to become the victim of a cyber attack. The reality is that you need security procedures and protocol in place in every area of your business, understood and executed by all your employees, not just the IT guy. The third pillar of digital security is procedure, which means implementing secure processes for every task, account and department.
Securing your Physical Environment
One essential step toward cyber security is actually physical security – making sure that thieves can’t just waltz into your business and get valuable information. Every business, even small businesses, need to have security measures in place to prevent sticky fingers and wandering eyes.
Your business should have locked doors that restrict access to the proper employees, as well as identification for your staff and any vendors you may use. And make sure that your employees keep their desks clean and don’t display any sensitive information. A sticky note with a login or password on it or critical reports or files left out on a desk are easy targets for a would-be thief.
Make Security Part of the Routine
It’s critical that your employees run regular virus scans and reports, as well as the necessary installing software patches and updates. Although you can rely solely on your IT department to do this, making it a part of your business’ practices will continually remind your employees of the threat of cyber attacks and help create a community that’s focused on security.
In addition, make sure that passwords are required to be complex and that employees don’t use the same passwords for multiple accounts or use the same passwords as their personal accounts. Enabling multi-factor authentication on accounts is another security routine that can help keep your information and systems safe.
Controlling Who Has Access and to What
Just like everyone at your company has a job title and tasks that come with that specific job, each person at your business should have their access to software, files, applications and permissions that suits their job. No more, no less. That means employees can access exactly what they need and not put the security of your company at risk, intentionally or unintentionally.
Putting controls on who can access what may seem too severe, but it can prevent would-be scammers from infiltrating your company for easy access to information, as well as keep disgruntled employees from taking out their revenge on your business or your clients. Even a trustworthy employee can be easily hacked. Controlling who can access what will limit the scope and severity of an attack.
For accounts on software or social media, set up role-based permissions. For example, your business likely has a Facebook page. Perhaps you are the admin of your page, but other employees update it. Facebook allows you to assign roles to your employees, granting them the ability to do certain things, but not make fundamental changes to the account. Instead of making everyone an admin, enabling these roles can help limit the scope of an attack by limiting what fraudsters have access to.
If you have employees who work remotely, consider setting up a virtual private network (VPN). A VPN allows users to securely access your local network from a remote location, shielding their connection from an internet network that can be compromised.
Do you know what kinds of cyber attacks your business is most likely to experience? Do you have a plan for what to do when that kind of attack happens? If you don’t already, you need one. Just like you’d plan for an emergency response to a physical disaster, you need resources in place to help you respond to fraud so you can limit your exposure and repair the damage that’s been done.
In addition, your business should have a system of backing up your data and files so that if they were compromised, stolen or even just erased, they could be restored.
Don’t wait until a disaster strikes to create a plan. The time you spend stumbling around, figuring out how to respond is time that fraudsters can use to steal your business valuable’ assets.
Setting up secure procedures may take thought, time, preparation and planning. But time spent creating and implementing air-tight security procedures will be an invaluable resource in protecting against and responding to cyber attacks on your business.
The final piece of the puzzle is perhaps the most obvious, people. We need to make sure our people understand how to deal with these threats and stay on the look out. Check out our final post to ensure you don’t become a victim to wire fraud.