Imagine getting an email saying you no longer have access to your client files and financial data. Worse, the cyber criminals are asking you for money and they will release the data back to you once you pay.
Maybe you’re thinking, “We’re just a small non-profit – hackers won’t bother with us.”
But that’s exactly what happened to a small non-profit called Little Red Door. They did not pay the ransom, though, thinking they had no sensitive information anyway. However, it took them months to rebuild their client data.
But what can you do if your resources and IT knowledge are limited? How can you reduce the risk of a data breach or any similar cyber-attack?
If you haven’t got a cyber security solution in place just yet, here are some cyber security best practices that you can implement today to help protect your organisation.
Cybersecurity Tip #1: Use a Password Management App
Yes, you’ve heard it before (and probably multiple times) that maybe you’re tuning out this advice. Still, the simplest thing you can do immediately is to require everyone in your organisation to use complex passwords. That means no more using your pet’s name and your date of birth ??♂️
But with complex passwords comes the challenge of recalling them. That’s where a password management app can help with storing and even generating passwords.
Cybersecurity Tip #2: Use multi-factor authentication
Adding a step just to log into your own account can be annoying. However, the few seconds it takes you to do this is worth extra layer of protection against unauthorised log-ins.
The process to set it up is also simple as well, so you might as well make this part of your security policy for all devices that your staff use for work.
Cybersecurity Tip #3: Update your software routinely
Failing to update software regularly can leave security holes that cybercriminals can exploit. Keeping software up-to-date should be a standard rule in your business. It can be automated in many cases, so it may not require significant effort from staff and can reduce the risk of human error.
Cybersecurity Tip #4: Train staff regularly
Just as cyber criminals are getting better at what they do, you should help your team get better at recognising cyber threats. You can do this by providing online security training to staff on a regular basis.
This does not have to be a one-time thing. You can create a training plan to ensure that all staff get updated about cyber security every few weeks or so.
Cybersecurity Tip #5: Restrict admin privileges
Limiting administrative privileges is one of the most important cyber security measures. Yet, we often find many businesses with users that have unnecessary elevated privileges. The more users with admin access, the greater the security risk to your business. So, unless it is critical to their role (i.e. they can’t work without it), users should not have admin access.
Start by auditing who has access and evaluating whether they require access. If you’re unsure, talk to your Managed IT Services provider, they can help you identify who really needs the keys to your kingdom.
Cybersecurity Tip #6: Conduct vendor due diligence
Review the security and maintenance practices of third-party vendors. You may do this annually via due diligence coordination meetings with vendors. This can help you to monitor and audit vendor compliance with your requirements.
It’s also important that you review contracts with third-party vendors and ensure they include clear cybersecurity requirements and protocols. This can protect you from potential vulnerabilities or breaches originating from third-party vendors.
Cybersecurity Tip #7: Develop a risk mindset
Encourage your staff to question unusual events and quickly investigate potential fraud. It may require some training and ongoing education to reinforce such mindset, but it will be well worth the time and effort you put into it.
By developing a risk mindset within your organisation, you will be empowering your staff to be the first line of defence against cyber threats. This will help to create a culture of security awareness.
Cybersecurity Tip #8: Don’t wait – you can fortify your security right now
Don’t let the “cyber” in “cyber threats” deceive you into thinking that they only happen in cyberspace, or that they can only happen to others. Cyber threats are real, and they can affect businesses as well as our everyday lives.
Because the impact of cyber incidents can be costly and damaging in more ways than one (as Little Red Door had probably realised), the measures advised in this article should be done right now, if possible.