What's Your Cyber Security Plan?
This is the age of the Internet (and the Information Age, and the Wireless Age, and ... ), which means that any business that wants to have all of the bases covered and all of their ducks in a row (not to mention the ducks on the bases) needs to take into consideration the virtual or cyber aspect of doing business, and all of its ramifications.
One of the bigger ramifications in this case is: you need a cyber-security plan.
Why Do You Need A Cyber Security Plan?
Once upon a time, the only break-ins a business had to worry about were of the burglar/larceny variety. For all of its conveniences and awesomeness, the Internet has opened up whole new venues of theft.
Think of it: there are hackers and identity thieves out there, some of them absolute professionals, and others with ties to organized crime. There are also numerous groups and individuals who are just plain troublemakers and who like boosting Social Security numbers or accessing other people’s credit cards.
But that’s not all ...
As the article "No Business Is Too Small For A Solid Cyber Security Plan" points out, small businesses are vulnerable to things like malware and ransomware, as well as possible weaknesses thanks to Bring Your Own Device (BYOD) policies.
Fortunately, there are ways to put together a good plan and prevent Internet security breaches, as noted in "How To Get Security Right".
How Do You Make An Effective Plan?
The best way to make an effective cyber-security plan is to address the following issues:
Determine Who Can See What: Spell out who gets access to how much of your business’ data. There should be a clear, coherent, logical list of trusted people (e.g. CIO, IT Staff, CEO) who have these privileges.
Backups: Write up a schedule for backing up vital company data, and make sure that there are at least two copies made, with one of them stored offsite.
Antivirus Software And Firewalls: Select a good antivirus security package, as well as a strong firewall for defending inbound and outbound traffic. Work with the IT department in deciding exactly what to get, but regardless of what you choose, make sure that you have both of these in place.
Create An Email Engagement Policy: There are company rules that cover just about every aspect of employee behavior; don’t leave out email engagement. Write out a company policy on how to handle suspicious emails.
Incorporate Data Encryption: Even if hackers somehow still get your data, if encryption is in place, all they get is gibberish, since you have the encryption key. This is particularly important if you handle clients’ financial information online.
Mobile Device Security Policy: People are increasingly going mobile, and you need to have rules in place to accommodate this. That includes coming up with a mandatory password policy (including what sorts of passwords are acceptable).
Wi-Fi Security: Finally, there’s the whole matter of Wi-Fi. Networks need to be secured with a password or passphrase and use WPA2 encryption, and you should change your SSID (the network name broadcast by your router) to something that will keep your network better hidden.
This seems like a lot of ground to cover, but as we know, with great Internet power come additional security responsibilities. Decide what your policies will be for the above areas, spell them out, and make sure that everyone is made aware of them. While there’s no such thing as a 100% impregnable security system, you tilt the odds in your favor when you adopt a sound cyber-security plan.