It’s Week 3 of #CyberAware Month, and this week is all about tips and advice to ensure online safety at work. No matter where you work – government, industry, academia – we all have a role in ensuring online safety and security. While your organization may have an Information Technology (IT) department to oversee company infrastructure and computers, following cybersecurity practices to protect the organization from cyber attacks is a responsibility everyone shares.
Create A Culture Of Security
The actions we take to keep our personal devices and home computers safe also apply in the workplace. Some of the most important items to help keep your business (and you) secure are:
LastPass for Business is a great password management tool for small teams or for an enterprise. (Disclosure: This is an affiliate link, which means I may get a small commission if you purchase through this link. There is no extra charge to you and there is no requirement to purchase through this link to get the latest deal.)
Lock Down Your Login
Use the strongest authentication tools available for all your online business accounts. This may include biometrics, hardware “keys”, or two-factor authentication with a one-time use code through an app on your mobile device. Everyone should have their own user name and password for any required accounts – never share passwords, and never reuse passwords!
Use a password manager to secure and organize passwords; many of them can also provide “shared” access to accounts without disclosing the password.
Back It Up, Back It Up!
Put a system in place to ensure your critical business information is regularly backed up in a secure location (or two, or three). Employees should have the ability to back up documents and data they are working on, and there should be a systematic method of backing up and protecting customer data, financial information, business databases, and other important information. Don’t forget about information you have “in the cloud” as well, such as email or website information.
Use the “backup rule of three”, and remember to encrypt any sensitive information. Also, have a process to regularly test your backups. If there’s a problem, you want to be able to quickly retrieve important information – and that’s not the time you want to find out that the backups didn’t work or were corrupted.
When In Doubt, Throw It Out
Phishing is one of the top threats to any business; it’s one of the most successful ways an attacker can gain access to your systems, information, and even your money. Be very cautious of any links or any odd requests you receive, even if the message appears to come from someone you know. Verify any unusual requests, such as requests to wire funds, with the source. Never open suspicious links in emails, messages, tweets, or posts.
Cybersecurity Is Everyone’s Business
Business owners can set policies, and IT staff can help with technical tools, but cybersecurity isn’t just up to IT. All employees need to know how to protect themselves and the organization, and understand the cyber risks and necessary actions as the business grows or adds new technologies.
Get information on how to set up a cybersecurity awareness program with the Cybersecurity Awareness Toolkit, created for small businesses by the National Cyber Security Alliance, Facebook and MediaPRO.