Cyberattacks are at an all time high. And it comes as no surprise when the IRS made a recent announcement urging tax professionals to increase their cybersecurity posture. When increasing cybersecurity efforts, most assume there’s a need for an increase of spend towards cybersecurity tools and services. It is always good to have the tools and services in place to protect your business but did you know 90% of cyber breaches are caused by human error? Beefing up your cybersecurity starts with adequate awareness training with employees. Below, we’ll take a deep dive into properly training employees as well as other necessary cybersecurity measures.
Train Your Employees
Because we’re talking about safeguarding your computers, network, and data, we tend to think that the best defense should also be electronic. While installing virus and malware detection software is critical to keeping your important data out of the wrong hands, your first line of defense should be the people in and around your office. Yes, you and your employees. Training your employees on how to properly use your technology and how to identify potential cyber threats is essential to staying one step ahead of the cybercriminals. Tucking this vital information into the back of an employee manual is simply not sufficient. Neither is a one-time staff training that will be ignored and forgotten. You and your entire team should have a basic understanding of the methods of cybercrime, as well as regular updates on computer security protocol and the latest in cybercrime tactics and defenses. Your employees should have an in-depth understanding and proactive resolve to ensure the best practices toward passwords, keeping a clean space, identifying malicious e-mails, proper communication, social engineering, and encrypting e-mails.
A Good Firewall s Essential
Don’t scrimp on a good firewall. A firewall acts as the frontline defense against hackers blocking everything you haven’t specifically allowed to enter (or leave) your computer network. As with all devices on your network, firewalls need monitoring and maintenance. Your company IT person or consultant should include your firewall as part of their regular maintenance of your network.
There are several reasons why your business will benefit from a strong firewall:
- Block access to unapproved websites. You can set up a firewall to block access to social media sites, betting sites, sports sites, and other time-wasters.
- Protect your business from malicious code. Strong firewalls can inspect the traffic going into and out of your network. All day, every day, your firewall can detect and block viruses, worms, spam, and other unwanted Internet traffic. Plus, they will log intrusion attempts as well as block malicious applications while allowing access to the good ones.
- Better control of your bandwidth. Beyond providing security, you can actually meter and limit your network bandwidth. By curtailing non-business traffic, such as videos, music, and images, you’ll have more bandwidth for essential business applications.
- Provide VPN services. Today, firewalls can provide site-to-site connectivity through virtual private networks (VPNs), which allow users at remote sites to securely access your internal network resources. Now, any work-from-home employees, as well as traveling employees and contractors, can increase their productivity and collaboration by securely accessing your network.
Creating Better Passwords
Of course, it’s much easier to remember the same password you’ve used a million times before … or one featuring your birthdate or your daughter’s name … or simply using “password” (which, even after countless jokes and warnings, is still one of today’s most frequently used passwords). And yes, it can be a pain to have to reset your password each time you forget it. But, for the security of your company’s network and data, it’s well worth the extra time and inconvenience to create very secure passwords. Generally, the longer the password, the more secure. Ideally, it should include at least one special character, one number, and both uppercase and lowercase letters. But once you land on that perfect password, don’t use it for multiple applications. Create new passwords for each new application used. Also, two-factor authentication should be in place every time a password is required. Two-factor authentication is an extra layer of protection that ensures only the person who is supposed to access the account can access it. Simply knowing the password would not be sufficient. Also, it should go without saying that your password should be kept to yourself and not shared with anyone else, including coworkers, partners, friends, and family. In addition, if you must terminate an employee, or upon them resigning, make sure their passwords are no longer active. Many of your employees probably utilize auto-fill passwords. After all, in less than a second, your password is automatically filled in and you’re zipping through the Internet without having to remember your password or request a password reset. There are also password-manager applications that make it a cinch to log in. Problem is, hackers, know these are a gold mine to all of your private data. Rather than keeping your passwords on a spreadsheet or a notepad that could easily be compromised, it’s better to utilize a password manager. Therefore, you only need to remember one master password, and the password manager houses all of your passwords. While a password manager could potentially be hacked, it’s far safer than keeping a password file on your computer. To protect your browsers from password theft, we recommend turning off this auto-fill option. Please note that depending on the browser you are using (Chrome, Firefox, or Safari), the directions to turn off password auto-fill will vary.
For more cybersecurity tips, sign up for our FREE ‘Cyber Security Tip of the Week’ and stay one step ahead of hackers and cyberattacks.
Originally published in the TXCPA Houston's Online Magazine called the Forum. Read the full magazine here.
Wayne Hunter is the President and CEO of AvTek Solutions, Inc. where he concentrates his efforts on providing the best solutions for clients. Wayne has over 30 years of experience in Information Technology, focusing on implementing storage and data systems, IT management, and systems integration. Wayne is passionate about solving IT problems and affecting positive change for clients. He is especially proud of AvTek’s reputation of trust that has been established with clients over the last decade. Before AvTek Solutions, Inc. Wayne successfully launched another company, Lexicon Information Concepts, LLC, which was acquired by Legato Systems, Inc. Prior to Lexicon, Wayne was the Manager of Systems Integration Group at EMASS, Inc. and a Systems Administrator at Convex Computer Corp. Wayne started his career by serving six years in the Navy.