There’s more pressure than ever on businesses of all types and sizes to tighten up their security, and better protect not just their internal corporate data, but the private personal information of their users and customers as well.
If you've added strengthening your company's security to your New Year's resolutions, you're in luck: we’ve put together a three-step action plan that’s going to make your 2019 a whole lot safer.
Step 1: Understand the Threats
To protect yourself from the dangers, you must first understand them.
We’ve all heard terms like “phishing” and “ransomware” in the news, but how much do you actually know about them beyond the fact that they're not good for business?
It’s important to familiarize yourself with all the various tricks and tactics hackers and cybercriminals employ, to better understand how they work and what risks they pose. This will require some research, and there are plenty of online resources out there that can provide in-depth information on the topic.
Once you’ve wrapped your head around these potential risks, a good exercise would be to calculate the cost of a data breach on your company.
Work through questions like these: If your business got hit by a cyber attack today, how much of a financial loss would you be looking at? How long would it take you to recover? What are your weak points? What kinds of protective measures do you currently have in place?
Step 2: Consult Your IT Department
After you’ve analyzed the dangers and assessed the risks, it’s time to bring in the pros: your IT department (or IT person).
While you don’t need to understand all the minute technical details of everything your IT team does, it’s important to communicate with them and make sure you’re all on the same page when it comes to the company’s security.
To validate your assumptions, call a meeting with the IT department: express your concerns, share your findings, and ask for their expert opinions.
Following this meeting, ask them for a three-phase plan.
Step 3: The Three Phase Plan
Yes, an action plan within an action plan. Planception.
This plan should have 3 phases:
- Things we can do in a week
- Things we can do in a quarter
- Things we can do before the end of 2019
This plan should address 3 key areas:
- People: reducing the likelihood of phishing attacks and other internal threats (e.g., employees going rogue).
- Systems: securing your infrastructure and making sure everything is up to date and doesn't have any disclosed vulnerabilities.
- Authentication: ensuring that all employee accounts have strong passwords and two-factor authentication enabled (a great password manager would make this a breeze).
The execution of your plan may vary based on the number of legacy systems in place and the number of employees in your company, but for a standard business, the following can be a good distribution:
Phase 1: Systems-focused
Phase 2: Authentication-focused
Phase 3: People-focused
While following this plan will definitely set you on the path towards a better protected business, it’s far from a 'happily ever after'.
It’s important to remember that cyberthreats are constantly evolving, and staying one step ahead of those crafty hackers will require you to always be ready to adapt and react.
With that in mind, we here at Myki would like to wish you a happy new year and a safe and secure 2019!