
topicnews · October 24, 2024

Cybersecurity Awareness Month: 10 Tips to Protect Your Business

Due to an increasingly complex operational landscape rife with cybercrime, October has been designated National Cybersecurity Awareness Month. It’s time to raise awareness about the importance of cybersecurity and learn how to protect yourself and your business from cybercrime.

In the spirit of this important moment, here are 10 tips to consider implementing this month to strengthen your controls.

Tip #1: Do third-party due diligence

Third-party providers carry an increased risk of an indirect cyber breach. To protect your business, ensure all vendors have either a System and Organization Controls (SOC 2) report or a similar certification.

Tip #2: Offer security awareness training

Semi-annual security awareness training can help your employees avoid falling victim to malicious actors. Effective security awareness training should educate employees about potential security risks and provide them with information on how to respond to and report a potential incident.

Tip #3: Create an incident response plan

An incident response plan should include step-by-step instructions for employees to follow if they are affected by malware or a cyberattack. It should state who needs to be notified, what immediate IT measures need to be taken to limit the damage, and what needs to be done afterward. Once the formal incident response plan has been developed, it should be tested at least annually so that all critical personnel know their role if and when an event occurs.

Tip #4: Use multi-factor authentication

Traditional authentication typically requires an ID and password. As the name suggests, multi-factor authentication (MFA) adds an extra step, such as entering a code that is sent to a secure device. While it may feel like another hoop to jump through, MFA provides an additional layer of protection for you and your business.

Tip #5: Update your systems

Life can be hectic and it can be all too easy to put off updating your system. However, these updates cannot be ignored. They can help close potential vulnerabilities that could be exploited by cybercriminals and provide enhanced security features. Therefore, it is a best practice to ensure that all devices (phones, tablets, laptops, desktops) have the latest operating system versions and security updates.

Tip #6: Back up your data

Regular backups of your data can help reduce the impact of a cyberattack. If you are affected by ransomware or malware, backups allow you to recover the important data that was damaged or compromised by the incident.

Tip #7: Change your logins

Use strong passwords and avoid using the same login ID and password for different systems. Try to avoid terms that refer to your name, birthday, or other personal information that might be publicly available. Use a password vault to remember your passwords.

Tip #8: Don’t trust caller ID

Phishing scams are one of the most common forms of cyberattacks. These attacks occur when a malicious actor attempts to trick a person into revealing sensitive information via email, phone call, or text. Technology makes it easy for scammers to spoof caller ID information, so the number shown may not be legitimate. Don’t click on links from people you don’t know.

Tip #9: Activate cybersecurity software

Firewalls and anti-malware software should be installed on all devices used for work or personal use. Companies often make this software available to all employees, and IT managers ensure that it is properly installed on company-owned devices. As per Tip #5, be sure to keep all software up to date to ensure maximum protection!

Tip #10: Stay informed

Sign up for security alerts on all corporate (and personal) credit cards. This way, if a card is used for a purchase that you did not make, you can quickly contact your bank to investigate the matter and block the card before further fraudulent transactions occur.

In a time of increasing cyber threats, protecting your business from cybercrime requires a proactive and comprehensive approach. By following the best practices outlined above, you can significantly reduce your organization’s risk exposure. Remember that cybersecurity is not a one-time task, but an ongoing process that requires vigilance, education and the use of robust tools and strategies.

Charlie Wood is executive vice president of Information Risk Management at Bonadio Group and co-founder and practice leader of FoxPointe Solutions.