Dealing with security does not need to be daunting. Good security is really made up of 100 or more little things combined. Even doing a few basic ones can increase your security ten-fold. Here are some simple things you can do right now and you don’t even need to hire an IT tech to get them done.
- Educate everyone around you. This is the simplest thing to do by far. Buy lunch and get everyone in the same room to talk about why security is not an “IT Thing”, but rather is up to everyone in the room. If you think an email is not quite right, then delete it or ask to confirm it is real. Did the CEO of your company, whom you have never talked to, send you an email telling you to check out his vacation pictures? Not likely, so do not open any attachments or links, and delete the email. The more you discuss any security concern, the better it is for everyone.
- You can also leverage a third-party system like KnowBe4. They will send out test emails to your team and see who opens them and falls for the bait. From there they educate the user about what to do and what not to do.
- Start using a password manager. I use LastPass and it works great. The only password I need to remember is the one for LastPass. My other 100-plus passwords, which are all different from each other and very long/complex, I never need to remember or even know. LastPass fills in the login for me.
- Start using Multi-Factor Authentication (or MFA). By leveraging your application's advanced security settings, you can make some applications much more secure. Most newer applications allow you to turn on MFA, which means that you enter your username and password and then need to enter a “token” set of numbers to log in. You can leverage the free Google Authenticator app for this. Once activated, you enter your username and password like normal, but then will be prompted to enter a 6-digit code, which can be found in the Google Authenticator app running on your phone. Without that number (which changes every 30 seconds), you cannot log in. The chances of someone from Russia getting your username and password to log in to your application in the middle of the night may be slim, but with MFA it is pretty much impossible. How important is it for you to make sure your key business applications are as secure as possible?
- Update your software. Many of the big security breaches or ransomware infections happened because a simple Windows update was never applied. And these are not recent Windows updates either. Many of them were more than a year old and were never installed. Who knows why they were never installed; have peace of mind and make sure your updates are current. Be sure to check not only Windows but also Office, your firewall, your Wi-Fi, and anything else that can be updated.
- Do a simple security audit. When was the last time you reviewed a list of users that have logins to your systems and applications? If you are like most companies, it has been a long time. Have someone run a list to be reviewed. You will be surprised to see old employees who still have logins, and accounts where no one knows who they belong to or what they are for.
- Bonus! Do you have Cyber Insurance? If you do not or aren’t sure what this is, you need to contact your insurance broker. Better yet, look for a new broker since your current broker should have already been letting you know what this is and discussing whether you should have it or not.
I hope this helps. We like to spread the word for being more secure and have recently been helping clients with their security knowledge through lunch and learns. Let us know if you want us to help you!