During uncertain times like these, people look to leaders for guidance on how to move forward. So, during these unusual circumstances in all our lives, it is time for leaders to act as influential teachers and take action. This is the time to show vision and knowledge and move forward.
Given that criminals are taking advantage of reduced security now that so many businesses are working remotely, leaders should equip their staff with ways to strengthen the security of their networks and organization. This is important because fraud and criminal tactics are becoming more professional, sophisticated and widespread. All of us are targets of a breach, so everyone must become aware and develop proactive and defensive plans. To ensure a farsighted view, we recommend the following strategies for all business managers and owners:
- Stay compliant – Each industry has either compulsory strictures on IT security or at least a set of guidelines. It is incumbent upon management in each organization to know and understand what those requirements are. At the very least, each should have a cybersecurity plan and cybersecurity insurance in place.
- Take stock – Whether with an outside consultant or internally, take an objective and detailed look at everything you do. Pinpoint everyone who touches any critical business data or confidential personal information. Identify the weak links and/or the areas of higher risk and take actions to limit those.
- Enforce password policy – Many organizations have taken advantage of password management programs to put in place strict policies regarding password strength, password reuse and password changes.
- Know the enemy – Most managers know their competition inside and out. That is smart business! Now managers must also be current on what the criminal enemy is doing because they are a bigger threat. Stay in touch with your industry peers and remain connected to trade associations that provide guidance so you can be aware and not in the dark. That is half the battle!
- Educate the team – Your organization’s staff are another key line of defense. Their awareness and heightened sense of urgency regarding information security are of paramount importance. Since social engineering (through interactions with people) is where the largest number of breaches occur, be sure your staff know all the warning signs and know how to defend your data.
- Implement Multi-Factor Authentication (MFA) – Proving you are who you say you are to an email account, remote server, or specific computer is the way of the world. Newer methods even include fingerprint scans. Make use of them. Not doing so greatly increases your risk.
- Lock the front door – Email is like the front door to your business in terms of access from the outside. It is a bigger front door than your literal front door! Fraudsters of all types use email as the access point of choice in most cases. So, do all you can to lock it down and back it up. Use your most complex password for email and never use it for anything else. Encrypt email communications, and never share confidential information, account numbers, etc. via email.
- Trust no one – That sounds harsh, but it is the best strategy. Confirm via phone or in person any email requests involving funds or confidential information. Criminals are great impostors; do not fall for them taking on the identities of your staff, vendors or clients!
The uncertainty of a potential security breach is something that we all must proactively plan for, especially during difficult and turbulent times like we are all experiencing now.
First published in our May 2020 IT Radix Resource newsletter