Attorney Recommendations: Easy Ways Businesses Can Improve Their Cyber Security
If your business network, computers, or mobile devices have been hacked, you probably don’t need any convincing that improving your resistance to hacking and network intrusions is a good idea. If you’re one of the unfortunate companies that has been affected by ransomware, then you’re even more motivated to ensure this never happens again.
There is no doubt that a thorough network assessment conducted by a competent IT and Network Security company is the way to go. Knowledge is power and with an understanding of your vulnerabilities you can decide what level of protection you want or need.
In the meantime, here are a few easy things you can do yourself to be more secure.
1. Train employees in security principles
Depending on the study you reference, 80% – 95% of intrusions could have been prevented with different user behavior or practices. End User Awareness Training such as offered by NSGi is one of your most powerful tools in stopping cyber intrusions. You must establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate “Internet use guidelines” that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information, how to deal with external phone calls and emails, and other interactions involving technology and the internet.
2. Protect information, computers, and networks from cyber attacks
You should make sure every computer in your organization has the latest security software, web browser, and operating system. These are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available. Don’t be cheap! Pay for the licenses for the best versions of reputable antivirus software.
3. Provide firewall security for Internet connections
A firewall is a set of software or a dedicated piece of hardware that can prevent outsiders from accessing data on a private network. Professional security companies will almost always use a hardware firewall, but these can be complex to configure, so at least make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.
4. Create a mobile device access policy
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require your employees to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Make sure any stolen or lost devices are reported to your internal IT team immediately.
5. Make offsite backup copies of important business data and information
Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.
Final Word on Security: End User Awareness Training for Employees
A joint study by Stanford University and a large private security firm found that a whopping 88 percent of data breach incidents are caused by employees. Similar research by IBM Security puts the number at 95 percent. There is just no doubt that failure to train employees on proper policies and procedures regularly, and then enforce their use, is the number one reason why data and networks get compromised. So-called “social engineering” is the single most effective way hackers can get inside your network, and only a well-educated, cyber-aware employee can defend against it.
At NSGi, an important part of our business is to offer End User Awareness training to all of our clients and their employees on a quarterly basis. In each workshop, our team can educate yours on the most current scams, all the computer do’s and don’ts as well as best and worst practices that prevent severe network intrusions. This training is available on-site or virtually for teams and both technical and non-technical employees, and is the best single thing you can do for your peace of mind and your security.
If you’d like to implement our IT end-user training or any of our other small business IT services in NJ, please visit our website at: Network Security Group, Inc.