With an average of 30 million cyberattacks per year disrupting essential services, like hospitals, schools, police departments and food supplies, the effects can be debilitating. Even The White House has pressed the importance of cybersecurity, launching resources to stop ransomware attacks and proclaiming it a federally-recognized campaign.
“Reputational damage is not the only aspect of an organization’s risk anymore when an employee falls victim to a cybercriminal,” said Spencer Timmel, National Director of Cyber Insurance at Safety National. “Regulatory fines, penalties, and lawsuits, in addition to paying a ransom to retrieve your data from a bad actor, are all potential incurred expenses from a cyber event. Employees need to comprehend these risks, as the company relies on their adherence to cybersecurity policies.”
This Cybersecurity Awareness Month, employers that are even a little admittedly behind on their cyber hygiene practices can clean up their act with these five tips.
1. Train Employees in Security Principles
Take the time to train and engage your employees and clearly outline the expectations of your company’s cybersecurity policies. Include training on spam, phishing, malware, ransomware and social engineering, so they understand how to identify a threat. Making your employees aware of security threats and how they might present, strengthens the most vulnerable components of your organization.
2. Enforce Safe Password Practices
Complex passwords are an essential mechanism in stopping cybercriminals and preventing access to your company’s networks. Frequently changing passwords and creating standards for their complexity (i.e., combinations of letters, numbers, symbols and case sensitivity) adds an additional layer of protection. When possible, employ multi-factor authentication, especially for more sensitive data networks.
3. Install Security Software Updates Regularly
The latest updates to your security software, web browsers and operating systems can provide antivirus and anti-malware protection that need constant revisions to defend against new cyber threats. If you have a network of IoT devices, make updates automatic, so your employees cannot forgo installation.
4. Secure Your Wi-Fi Connection and Use a VPN
From your local hardware store to your favorite coffee shop, just about every business offers Wi-Fi to its customers. But these public connections are often risky, making your secure data vulnerable. Ensure that your employees use secure, encrypted and hidden connections and utilize a trusted VPN for those working remotely.
5. Employ Vendor Management Controls
Most companies work with third parties on a somewhat regular basis. Still, their access should be limited, especially if you are handling personal identification information (PII) or personal health information (PHI). Data breaches commonly start from within a company, so it is critical for your reputation and the security of your clients that you have a thorough vendor management program that all stakeholders understand.