2020 has been a year unlike any other. 2021 will likely present as many — or more — challenges.
Many of the issues businesses faced this year were unexpected things like the COVID-19 pandemic and the resulting business shutdowns and economic crisis.
Others were more predictable — and potentially avoidable — like a record number of cyber security hacks and data thefts. While the final numbers aren’t in yet for the whole year, industry experts are reporting an approximate six-fold rise in overall cyber thefts. Most of this increase can be traced back to hacking activity related to the coronavirus pandemic.
Why let your business be a sitting duck? Here are nine things you can do to plan now for the security threats you could be facing in 2021 and beyond.
1. Upgrade your network security.
Cyber criminals are becoming more sophisticated all the time. They’re employing advanced methods to attack businesses of all sizes.
If the possible types of threats to your business are changing all the time, shouldn’t your network security evolve as well? If your security plan and systems are a year old or more, it’s like you’re using a castle and cavalry to protect your online assets against a nuclear bomb guided by a top-tier satellite delivery system.
You must have current, up-to-date plans and systems that can guard against all types of hacks, identify them instantly when they happen, limit damage and help you recover rapidly should the worst occur. It can be a lot for a business to do on its own.
It’s a smart move to find out whether your operation is vulnerable. You should take advantage of GeeksHD’s free review of your current systems. It’s a proven way to find vulnerabilities so you can take steps to fix them before a cyber thief exploits them to harm your business. Think of it as a great first step toward enhancing your security plan and network for the new year.
2. Implement an awareness, education and communication program.
Your employees aren’t cyber security experts. However, they need to be. Simple, easy-to-avoid worker mistakes often result in devastating online security incidents that cost businesses a lot. These incidents can destroy their reputations and take millions of dollars to clean up.
Make the people on your team aware of best practices related to handling data and maintaining the security of your systems. Explain new issues and threats as they arise. Training and education aren’t once and done. People need to be reminded again and again about how to do things right to keep your business safe.
Go above and beyond by rewarding people for handling confidential data and information correctly and being on the lookout for potential security issues. Include cyber security as part of next year’s compensation plan by making part of everyone’s potential raise dependent on maintaining a clean data handling record. When someone does something above and beyond, acknowledge it, give them a meaningful reward, such as an Amazon gift card, and share the story with everyone on your team so they can learn from it.
The money you spend on education and compensation will be far less than what it could cost you if your business is the victim of a data breach or cyber theft.
3. Prevent phishing attacks.
Many of the coronavirus-related hacks on businesses start with a basic phishing scheme. Employees receive an email from an authentic-looking source, such as a state health agency, and take the action requested in the email, such as clicking a link or downloading a PDF. The action then releases malware that will mess with your systems, software and records.
Why do employees get duped over and over again by fake emails? It’s mostly because they’re curious, afraid or acting on urgency. If you do one thing over the next year, educate the people on your team about the proper ways to handle email, especially taking the emotion out of responding to it.
4. Get control over removable media.
The damage a simple USB drive can do is shocking. Yet people use them all the time without thinking. Or worse, lose them along with the important data they contain.
Find out what types of removable media are used within your organization. Eliminate any that are not secure as soon as possible. Develop a policy for proper use of these types of devices and enforce it. Install software that scans all media for malware before any data is imported onto your business systems. It’s a great added layer of protection for your operation should someone on your team — or a contractor — make a mistake despite your best efforts to prevent it.
5. Identify the weakest links.
Are your systems a mashup of software and devices patched together to store and transfer data so the people on your team can get work done? It’s not an uncommon situation. Many businesses adopt new software and systems on an as-needed basis and link it all together to make things work.
The issue: Those patches that hold things together are the weak links in your systems that cyber thieves look to exploit.
Use the year-end planning process as an opportunity to take a fresh look at your network. Work with your team, along with the professionals at GeeksHD, to check whether your overall network is secure. If it’s more like a house of cards than a mighty fortress, it could be time to rethink things from the ground up to build a stronger foundation for the future of your operation.
6. Limit user privileges.
Have you looked into who has access to your confidential business data and customer records? If not, it may be more people than necessary, and it could put your business at risk. Many data thefts are inside jobs that are traced back to disgruntled or greedy employees and contractors.
Use the new year as an opportunity to reset access privileges. Limit them to people who really need access to specific things to do their jobs. If in doubt, just say no and have individual workers make the case for why they need access to certain data, systems and software. If they’re able to prove it, only then should they be allowed to use it.
7. Plan for handling emergencies.
Even the best-laid plans fail now and then. That’s why it’s critical for you to identify the people on your team who are necessary for your business to recover after it’s hacked, and to build a plan for how they should handle things. Check out our complete guide for how to protect your organization from a data breach and to recover from one should it happen.
8. Monitor your systems 24/7.
Your business may not be open all day and all night. However, your data is available — and accessible — to cyber criminals around the clock. Knowledgeable professionals must monitor your networks nonstop. Would you send a security guard home at 5 PM? It’s more likely that you’d have them arrive at that time to watch your business when it’s most vulnerable.
The reality is that it’s almost impossible to find the right people to bring on to your team to watch your software and systems all the time. Talent is limited. That’s why it’s critical for you to partner with a firm like GeeksHD. We have experienced professionals available all the time who make it their business to watch your business. You owe it to yourself to contact us to find out how we can help you protect your organization now, in the year ahead and beyond.
9. Get control over your remote workforce.
The COVID-19 pandemic moved remote work from a concept to a reality very quickly. Most businesses weren’t ready for it and made the transition rapidly and with little thought. It has left many vulnerable.
The coronavirus crisis and the need and preference to work from home will continue well into 2021. Now is the time to put safeguards in place to make sure remote workers use and transmit data in safe and secure ways. GeeksHD can help you figure out whether your data is protected when people are working remotely and offer recommendations about how to make things more secure.