With the increase in computer-based operations for many businesses, a strong cyber security strategy is an extremely important part of your operational plan. Although investments in security may not seem like they contribute to your company’s bottom line, failing to consider security risks and take appropriate action to avoid them can have disastrous and costly consequences for your business. To ensure your business is well protected before an incident occurs, consider the following cyber security tips for businesses.
Install software updates routinely
Software updates may seem like a frequent annoyance, but they serve a very important purpose in keeping your business data safe. Hackers are constantly coming out with new viruses, and software updates often include important patches to close the loopholes that hackers exploit. It is important to keep any software used by your company up to date, including:
- Antivirus software
- Operating systems
- Web browsers and plugins
- Business applications and software
- Cloud-based communications software
Installing these important updates will minimize the opportunities for hackers to access your system externally.
Utilize Two-Factor Authentication
Two-Factor Authentication, or 2FA, refers to a security measure where employees must provide two different means of verifying their identity before they can access critical business systems, such as email accounts or company databases. Typically, a user will log in with their username and password as the first authentication factor. Then, they will utilize a second security measure – a fingerprint scan, security token, or a push notification sent to the user’s verified cell phone – to complete the verification process. This added layer of security helps to minimize unauthorized access to important company systems and can easily be changed as employees join or leave the company.
Set company-wide security standards and adhere to them
In larger companies with fragmented departments, getting everyone on the same page about proper security standards can be challenging. The first step is to start with a documented set of security standards that can be easily referenced by employees, then implement a communication plan to ensure all employees are following these standards regularly. The completed cyber security standards plan should include the following:
- Quarterly training for all employees on proper cyber security measures
In companies with dedicated network security personnel, the security team sets and manages proper security standards for the company’s network, but those standard operating procedures are not always thoroughly communicated throughout the rest of the organization. To maintain a high level of security, it is important that all employees are properly trained on a regular basis regarding cyber security standards.
- A list of potentially harmful websites that are blocked on company computers
Blocking all potentially harmful websites on company servers can severely hinder business operations and decrease employee morale. For example, the company’s marketing department will likely need to access common social sites like Facebook or Instagram in order to fulfill the company’s marketing objectives. However, some websites have very little use in the normal course of operations for the company and could present a considerable security risk if left unchecked. Have your company security team evaluate the most dangerous websites and create permission settings that block those sites from being accessed on the company network.
- Password standards for all employee accounts and devices
There are a variety of ways that hackers can access company accounts and systems, but one of the most preventable is through insecure passwords. All employee accounts and devices that are accessed on the company network should have highly secure passwords that are changed frequently (typically about every 90 days). During the employee training process, it is important to communicate how employees should handle passwords internally. Your company should institute password policies, such as:
- Never write down a password.
- Use different passwords for different company accounts and devices.
- Passwords should be a specified length and include at least 3 different types of characters.
All company passwords should also be managed by a secure password management program that allows security personnel to force password changes if systems or accounts are compromised.
Leverage the cloud
If your company doesn’t have a designated security team, managing all the aspects of a proper cyber security management program can be overwhelming. Fortunately, leveraging cloud-based programs can help minimize the workload on your team. Reputable cloud-based service providers will install system updates regularly on your behalf, and they also utilize highly secure platforms to protect their customers’ data. Many cloud-based services also have built-in integrations with other frequently used business systems, which allow a company to transfer data efficiently without having to use a local data warehouse that requires additional security measures.
Utilizing these tips can help your business avoid security compromises that can be time-consuming and costly. The key to an effective cyber security strategy is in understanding how threats can occur and working proactively to avoid them before they happen.