Your organization faces threats every day – threats to your network, your data, and your physical location. Even a single successful data breach or office robbery can drain your finances, damage your reputation, and even put you out of business.
Here are 5 steps businesses of any size can take to protect themselves from both digital and physical dangers. And once your company is better protected, it’ll be free to grow and ready to face the future with confidence.
Step 1: Protect Email
There are 2 parts to this step – software and employee education. First, every business needs anti-spam and anti-virus installed. These tools help block spam, viruses, ransomware, phishing attacks, and other malicious materials.
However, those tools won’t stop every single bad email. You also need to educate your employees on how to spot sketchy emails, links, and attachments. These dangerous emails can take a variety of forms:
- Some contain links that bring in a virus
- Some ask you to visit a webpage that impersonates a login page from a trusted company and then steals your credentials
- Some are simple plain text emails asking you to share information
30% of users open emails from attackers and 10% click on attachments or links. Effective training can dramatically boost your employees’ knowledge of email threats and how to respond to them.
Have your employees ask themselves these questions whenever they’re uncertain about an email:
- Were you expecting this email?
- Is this a normal process?
- Can I confirm this by talking to or texting with the actual person?
Step 2: Protect Passwords
Why are so many cyberattacks successful? Two words: bad passwords. More than 60% of passwords are weak, default, or stolen. They’re easy for hackers to guess or buy on the Dark Web. Once a hacker has a user’s password, they’re in.
Everyone in your organization should follow these password best practices:
- Don’t use short passwords or common passwords (think “123456”)
- Avoid using personal information like an address or kid’s name in your password
- Passwords longer than 11 characters are significantly stronger
- Change your password twice a year
- Don’t repeat your important passwords across different accounts
- Use unique passwords for every account and use a service like LastPass to manage them
- Do not save password lists in an email folder, Excel file, or Word doc
- Enable 2-factor authentication whenever possible
Also, it should go without saying that if your password is on the Worst Passwords List, you should change it ASAP.
Creating Strong Passwords
Your passwords should be long and difficult to guess. The good news is, you don’t have to try to remember a complex string of letters, numbers, and symbols (like “Tr0ub4dor&3”).
Instead, use the 4 Word Password Strategy to visualize strong passwords. Think of 4 unrelated words and picture them in a scene together (ex: “mountainstaplebatteryhorse”). Recall the image in your mind whenever you need to remember your password.
If you prefer your passwords to be more of a sentence, try turning a meaningful sentence into a password, like this:
- WOO!TPwontSB = Woohoo! The Packers won the Super Bowl!
- PPupmoarT@O@tgs = Please pick up more Toasty O's at the grocery store.
- 1tubuupshhh…imj = I tuck button-up shirts into my jeans.
Whatever method you choose, start improving your passwords right away.
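As an added example (not part of the original article), this Python sketch picks the 4 words with a cryptographically secure random generator instead of by hand, estimates how guess-resistant the result is, and checks a password against three of the rules listed above. The word list, the common-password list, the sample personal term, and all function names are constructed for illustration; the 7776-word figure is an assumed size for a large real word list.

```python
import math
import secrets

# Constructed 16-word sample list; real use needs a list of thousands of words.
SAMPLE_WORDS = [
    "mountain", "staple", "battery", "horse", "lantern", "copper", "violet",
    "anchor", "pepper", "glacier", "tunnel", "harvest", "pocket", "walnut",
    "ribbon", "saddle",
]
# Constructed stand-in for a "worst passwords" list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}


def generate_passphrase(words, count=4):
    """Join `count` words, each chosen independently with the OS CSPRNG."""
    pool = sorted(set(words))
    if len(pool) < 2:
        raise ValueError("wordlist needs at least two distinct words")
    return "".join(secrets.choice(pool) for _ in range(count))


def passphrase_entropy_bits(wordlist_size, count=4):
    """Entropy in bits when every word is a uniform random pick from the list."""
    return count * math.log2(wordlist_size)


def check_password(password, personal_terms=()):
    """Return the rules from the list above that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) <= 11:
        problems.append("not longer than 11 characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append("contains personal information: " + term)
    return problems


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    print(phrase, check_password(phrase, personal_terms=["maple street"]))
    print("16-word list:   %.1f bits" % passphrase_entropy_bits(len(SAMPLE_WORDS)))
    print("7776-word list: %.1f bits" % passphrase_entropy_bits(7776))
```

The entropy figure only holds when the words are chosen at random from the list; words a person picks themselves are far easier to guess, and a small list like the sample one gives very little protection.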
Step 3: Build a Human Firewall
You can put in place the best technologies money can buy, but training your people will have an even larger impact on your success. In fact, employee training decreases the total cost of a breach by $270,000.
Good employee training starts with the right approach:
- Help employees understand the “why” behind the training
- Good training connects the user to their own personal investment in IT security
- It must create a positive sense that greater security is possible
- Training must be a priority from the top all the way down
- Provide training that not only shows users how to secure business information, but their personal information as well
It’s a good idea to reaffirm why cybersecurity training is important with examples of how it impacts your business. Do this during new employee orientation and at least once a year. Research shows that only those users who were trained once a year or more believed that it actually increased their security awareness.
Trying to build your own training program in-house is time consuming and expensive. We strongly recommend you use a professional training program. A good training tool should have updated content and include a scoring/reporting system. The data you collect from the training tool will help guide future training goals and identify the problem areas you need to focus on.
In the meantime, make sure your employees are doing these 4 things: The 4 Most Important Security Tips for Remote Workers
Step 4: Move to Next Generation Endpoint Protection
It’s no longer acceptable to just have anti-virus and nothing else. It’s simply not enough anymore. You need a solution that delivers:
- Real-time endpoint protection: prevents known and unknown threats in real time
- Detection and response: devices detect attacks and respond by stopping processes, quarantining themselves from the rest of the network, and even rolling back to an earlier, clean backup
- IoT discovery and control: discovers new IoT devices on your network and finds rogue devices
- Native cloud security: deployed and managed in the cloud and covering your entire network
At ITP, we offer this next generation endpoint protection teamed with our Security Operation Center (SOC) capabilities and personnel. Whichever solution you choose, look for a comprehensive, certified tool that covers all the bases.
Step 5: Implement Next Generation Physical Security
Have you thought about the physical security risks to your organization?
- Tailgating – closely following an employee through a secured door
- Document theft
- Unaccounted visitors
- Stolen identification
- Social engineering – posing as a legitimate vendor or visitor to get past the receptionist
To bring our clients the best in physical security, we’ve formed a new partnership with video security company Verkada. They provide a unique, cloud-based system that replaces all the bulky, expensive, hard-to-maintain systems for cameras.
With Verkada, each camera stores 120 days of video footage and uploads the data directly to the cloud. No extra switches or hardware are needed to connect your cameras to your network. Its user-friendly management platform lets you securely access camera footage on any device. The best part? Door security is done via facial recognition, not a fob. So a tailgater won’t be able to access any secured areas.
If you’re looking to enhance your physical security, a state-of-the-art video system is an essential component.
Knowing the state of security and the challenges facing our businesses today, we encourage you to start implementing the appropriate security tools and practices. We’re here to help with guidance and solutions. Contact us today.
You can also learn more by streaming our webinar: 5 Security Tips to Help Your Business Grow.