October is Cybersecurity Month here at WW Works.
17 Prepare an incident response plan (IRP)
The truth is, no matter how much you do to prevent a cyberattack from reaching your organization, the possibility can never be entirely eliminated. That said, it is important to identify what your plan will be in case an emergency occurs.
An IRP identifies what your organization will do should there be a cyberattack, and who is responsible for the different components of this response. It is important to have this established, as a quick response to an attack is fundamental to preserving your information and reducing potential costs.
Hire a managed service provider (MSP)
Cybersecurity is complex and requires consistent attention and updates. Making someone in your organization who is not trained in cybersecurity responsible for implementing and maintaining your cybersecurity system would be time-consuming and difficult. Furthermore, without proper training, it is not guaranteed that this employee would implement the right solutions for your business.
Hiring a managed service provider would likely be cheaper and less complicated for your organization, leaving the IT to the experts and allowing you to focus on the core of your business. Hiring an MSP would also give you the opportunity to implement additional IT infrastructure at a fraction of the price you would pay if you did it yourself. Overall, this would provide you with organizational efficiencies, reduced costs, and a more secure system.
18 Develop a work-from-home (WFH) policy
The number of organizations pursuing a WFH strategy has skyrocketed within the past couple of years (thank you, Covid). This change has had a huge impact on our approach to work, and also on our IT. WFH has brought many challenges when it comes to an organization’s cybersecurity and how to remain secure with employees scattered across various locations.
Therefore, it is important to implement a cohesive and well-communicated work-from-home policy, so that employees understand the conditions they should work under and how to prevent cyberattacks from occurring. These policies may include avoiding working on public Wi-Fi (e.g., at a coffee shop), using strong passwords and updating these on a regular basis, or using an auto-lock if they leave their screens unattended.
19 Use secure software
These days, there is an incredible amount of additional software that businesses use to streamline operations and run business efficiently. With this increase in added software also comes the increase in potential security threats.
Before signing on to new software, do your due diligence by reviewing information about it, such as when it was created and how frequently it is updated. You can also look for online reviews, especially from credible professionals who can vouch for the software. You can also review the terms and conditions (yawn) to ensure it is abiding by the standards in place.
20 Ensure your website is HTTPS
Hypertext Transfer Protocol Secure, or HTTPS, encrypts the traffic between your website and its visitors. Ultimately, HTTPS is another layer of protection against cyberattacks. Google has begun penalizing websites that do not use HTTPS by warning visitors that the website connection is not private and by lessening their Google search ranking.
HTTPS requires a Transport Layer Security (TLS) certificate. Many newer websites will already come with a TLS certificate installed; however, if your website is old, it is important to acquire a TLS certificate and have a professional link it to your website.
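Once the certificate is linked to the website, the owner can confirm that it is accepted by a standard client and is not close to lapsing. The Python check below is an added example, not part of the original article; the host name `example.com`, the 30-day warning window and the function names are assumptions chosen for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


def fetch_certificate(host, port=443, timeout=5.0):
    """Open a verified TLS connection and return the server's certificate.

    create_default_context() checks the chain against the system trust store
    and checks the host name, so an expired, self-signed or mismatched
    certificate raises ssl.SSLCertVerificationError.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def days_until_expiry(cert, now=None):
    """Whole days left before the certificate's notAfter date (negative if past)."""
    now = now or datetime.now(timezone.utc)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)


def assess(cert, now=None, warn_days=30):
    """Return a list of findings; an empty list means nothing to act on."""
    remaining = days_until_expiry(cert, now)
    if remaining < 0:
        return ["certificate expired"]
    if remaining < warn_days:
        return [f"certificate expires in {remaining} days"]
    return []


def check_site(host):
    """Run the full check against a live site and return its findings."""
    try:
        cert = fetch_certificate(host)
    except ssl.SSLCertVerificationError as err:
        return [f"certificate rejected: {err.verify_message}"]
    except OSError as err:
        return [f"could not connect over HTTPS: {err}"]
    return assess(cert)


if __name__ == "__main__":
    # example.com is a placeholder; replace it with your own domain.
    print(check_site("example.com") or "HTTPS certificate looks healthy")
```

Running it on a schedule gives early warning before visitors start seeing the "not private" message.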
21 Secure your Wi-Fi
A secure Wi-Fi connection is one simple way to ramp up your cybersecurity game, reducing threats by encrypting and password-protecting your connection. If your Wi-Fi is public, speak with your internet provider about obtaining an additional modem that will make your connection less easy to access and hack.
A secure Wi-Fi connection will also identify suspicious websites that you are using and block malicious and unwanted users and devices from access. And remember: always secure your Wi-Fi with an effective password and change this every 2 to 3 months.
22 Expect a crisis
I’m sure by now you’ve heard the phrase “not if, but when”. This means the question is not if your organization will experience a cyberattack, but when your organization will experience a cyberattack. This rings especially true for organizations that do not have a sufficient cybersecurity structure in place.
That said, it is important to plan exactly how you would respond to a crisis when it occurs so that you can respond early and reduce potential damage.
Stay tuned for the next tips next week!