The previous article discussed cyber security and its importance in modern businesses, how it should be at the forefront of every business’s concerns, and some of the methods used by cyber criminals to attack your systems and gain control over your vital information.
The following article explores some cyber security fundamentals that will equip and prepare you and your team in the event of a strategically planned cyber attack.
The Cyber Security Fundamentals
Good data backup
Cyber attacks are more common than we would like in today’s world. Data backups should be one of your main concerns. Your IT systems, and your essential data, must be protected to the highest standards. If they are stolen, deleted, or ransomed, your entire business will be unable to function, let alone achieve a productive level of work.
As a general rule, we recommend the 3-2-1 backup rule. If you’ve never heard of it, it ensures that your data is always backed up three times; two copies should be on separate storage media, and one should be stored offsite in case of an emergency. Keeping three copies of your data in different locations will give you peace of mind that you can always continue to work in case of an emergency.
Cyber security isn’t about guaranteeing security; that is impossible; new attack methods are developed every day; it is about managing risks. The key to cyber security and business continuity is to ensure you can continue working to an at least similar capacity as you did before the attack or disaster. By backing up your data, you will be able to keep your promises to clients and keep your business running smoothly.
Each of us has something that is password protected, and we all know the importance of passwords. Using common numbers or letters, or phrases that mean something to you, shouldn’t be a common practice. Passwords should be completely random – the letters, numbers, and other characters should have no meaning for you. Do your best to make them difficult, but do not forget them.
To ensure your team knows best practices when creating passwords, they must follow a set of rules. By doing so, they will be able to defend themselves against cyber criminals.
• If multi-factor authentication is available, use it.
• Avoid easy-to-remember passwords. You should avoid passwords that are easy to recall, such as sequential letters and numbers (such as 1234, 6789), as well as commonly used words (such as dog, cat, etc.).
• Passwords should be longer than 10 characters and contain a combination of letters, numbers, and even special characters – the longer, the better!
• Passwords should be changed regularly; accounts can be hacked without the owner’s knowledge.
Cyber security measures such as passwords are the first line of defence and arguably the most important. Unfortunately, users tend to think about their own experience more than the security of the system and instead make them as easy to remember and input as possible. A long password is tedious to type every time, but it is essential, as becoming the victim of a breach over a matter of seconds could be a bitter pill to swallow.
Another key cyber security measure is managing permissions. In the event of a breach, data could be lost, stolen, or – if clever cyber criminals are involved – your security settings may be changed to facilitate more devastating cyber attacks in the future.
Your laptops and computers must always be equipped with anti-malware software – that goes for personal and business devices alike. A lot of operating systems come with a free version that is fine, at best, but is under no circumstances good enough for business use; replace it with quality rated software as soon as possible.
The common perception is that cyber criminals are interested in stealing your information, and to an extent they are – however, in technical terms they are interested in encrypting your data – you need to get there first. Encrypting your own data may seem counterproductive, but you are the one who holds the keys. In data encryption, the readable text of your files and documents is scrambled so that only the person who holds the key can access them.
The most important line of defense in your organization is your team. As most attacks are directed at them – and due to their presumed ignorance – it is imperative they are equipped with both the knowledge of what to look out for and how to use security tools properly.
Implement an IT Security Policy
The need for an IT security policy cannot be overstated. It is crucial that the policies you decide to implement in your organization are clear, understood, and signed by your entire team, regardless of whether they are heavily dependent on IT.
Having everyone understand their role in achieving a cyber secure workplace will make your organization more secure from the beginning. It is essential that the policies are well thought out, they should clearly outline the security guidelines and obligations of employees when using the company’s systems, both in and out of the office.
If your employees follow the policies, you will have peace of mind knowing they conduct themselves online securely; whether they do so all the time is another matter, but having written their signature alongside the procedure, you can be sure that they have read and understand the policy, so you are within your rights to take action if they behave incorrectly. A policy can also outline the consequences.
The Right IT Support
With over 25 years of experience, Office Automation Technologies Inc is a leading provider of state-of-the-art IT support and services. We work hard to manage and support our clients’ IT infrastructures and related requirements so they can focus on their businesses, get ahead of the competition and drive revenues. Contact us now and talk to one of our experts.