“Ignorance is bliss!”
And yet, it's enough for you to ignore a vulnerability in your security system and you'll face chaos!
You will have turned your worse nightmare into reality: your business's digital identity has been compromised for good, cyber criminals have infiltrated your system, your customers' sensitive data has been exposed and your brand's reputation irreparably damaged.
It's enough for you to ignore the necessity of a patch in a given context and you lose everything.
And “everything” has the same significance for you whether you're running an “enterprise-level business” or a small one, wouldn't you agree?
Now, don't you find “reducing the likelihood that such a scenario should become reality“ a far healthier business mentality than: “rely-lying exclusively on good fortune”?
In this respect, here are 8 crucial cyber security tips you should start implementing ASAP for “your good night sleep”:
1. Point Out The Safety Protocols For Social Networking
First of all, you need to face it and accept it: it's your employees that actually turn your vision, as a business owner, into reality. And it's them, as well, that could “put you out of business”.
And more often than not they “manage” to do this unintentionally!
By simply not following some basic safety protocols whenever they access social networking sites on company devices.
Here are some elementary precautions that you should remind them (on a regular basis) to take whenever they access these websites at work (or at home, but from company devices):
- never post identifiable information on your social account or, even worse, information breaking the company's confidential policies and procedures
- never trust the “friends only” option available on your social account: absolutely everything you post there could get public
- there's no turning back once you've posted something on your social account; “deleting” that particular link/image won't guarantee you that all the copies of the information will get deleted
- think twice before you post any kind of information about somebody else from work
- never trust “new people” that you socialize with on such networking sites: you never know to whom you might unintentionally give away confidential information
2. Consider Encryption: Protect Your Clients' Sensitive Data
Especially if it's credit card details or patient records that you're storing on your Drupal website.
You should handle this sensitive data as if you were handling delicate (and nonetheless expensive) china!
And encryption technology is the best way to protect such confidential data. We, the team of developers working in this Toronto digital agency, strongly believe this!
You already know how it works: the used technology relies on specific algorithms which make that sensitive information readable only to those having the correct keys.
Still, you should go from just “knowing” (how it works) to actually “implementing” it! Your clients' data is definitely not a subject of debate: “to use or not to use encryption”!
3. Train Your Team on Specific Cyber Security Protocols
Do not expect your employees to guess the specific precautions they should take for avoiding to unintentionally cause security breaches within your company.
Also, do not rely exclusively on good faith, thinking that they'll stick to the protocols that you will have developed for them either. Keep reinforcing these good practices, keep giving them trainings aimed at reminding them which are the risky cyber security habits that they shouldn't adopt and the specific security protocols they should incorporate in their work from day one to the very last days in your company.
4. Keep Your Business WI-FI Network Safe
Running your business on an unsecured WI-Fi network is almost like: riding a bike blindfolded!
It's a one-way road, you'll keep it on your cycle track, and you know you've been riding bicycles on this particular road ever since you were a kid. Chances that anything bad should happen go down to zero.
And yet, why should you run any risks at all?
When you could simply take some additional steps for properly securing your WI-FI network?
- hide your network name
- go for an ultra-strong password
- use a firewall
Better safe than sorry! Better “with the eyes wide shut” than “blindfolded”, right?
5. Strengthen Your Passwords
And this doesn't mean that you should rush in now to double or to triple the number of characters included in your passwords.
It's not just the number of characters (ideally at last 12) that makes a password “solid”.
There are other criteria, too, you know:
- first of all: it shouldn't be a word included in the dictionary
- secondly: it should include symbols, uppercase and lowercase letter and numbers, as well
And that's how you get yourself some “hard to crack”, “superhero” passwords!
Note: whenever recalling all these superhero passwords gets increasingly challenging, go for a “password manager”. Do a little research yourself, find the one that best suits you business security needs and commit to sticking to it along 2017!
Make a pledge!
6. Set Up Multi-Factor Authentication
Once you've implemented tip no. 5, accept and adapt to this proven fact: there's no such thing as "unbreakable" password!
How about that?
You should always back up your otherwise solid passwords with a two (or a multi)-factor technology!
One that requires an extra step in the login process: an extra element that the one involved should provide before logging into his/her account.
Think Paypal, for instance, or think (pretty much) any bank: their login processes do not limit to the steps of typing in a user name and a password. There is an extra security information that you need to type in before you access your account.
Again, we need to stress this idea: especially if it's sensitive data that you're storing on your Drupal website you shouldn't tighten the purse-strings when it comes to the no. of data protecting technologies that you're using.
Better safe than “unworthy of your client's trust”!
7. Backup, Backup, Then Backup Some More
Your data is your business! It's the very DNA of your business!
So, you can't afford to run any risk of losing it, just like that, after a sudden cyber attack.
After all, the whole idea behind implementing all these cyber security good practices is not just to avoid putting your business at risk, but to be “up and running” immediately after such an event does occur (if)!
Preparation is key!
So, while keeping your business' digital identity at bay from any cyber security vulnerabilities that could be exploited, make sure to be properly prepared if “the unwanted” sill occurs!
By setting up a backup plan you actually make sure that an eventual attack won't cost you too much “recovery time”. And time is, indeed, money!
It doesn't have to be a tedious process, but rather a consistent one, made of regular data backup up steps that you need to take throughout the whole life of your business!
It's a “commitment for life”!
8. Constantly Update Your Software and Browsers
We could, as well, have called this last tip: update, update, then update some more!
We know how annoying those notices can get when you're running out of time and you still have so many tasks to handle. We've been there, too, while working on our web projects in our digital agency in Toronto.
And yet, do yourself a favor: do not ignore them!
Moreover, follow your software or operating system's advice and run these updates or use the patches they're ready to strengthen your business with.
It's time consuming, we know, but do not think it in terms of “time is money” (not this time), but rather as “time invested in your business's long future”.
Since cyber criminals are constantly “refining” their breaching methods, software companies, too, need to keep up with them and to constantly update their security systems.
So, overlooking their recommendations to update is like saying: “No, thanks! I'm way too busy going out of business”.
Two more tips and we would have had a “cyber security Decalogue” for you!
What other 2 more “tips”, to make a list of 10, would you have added? Feel free to share them with us in the comments below!