Part 1: Cybersecurity Steps Every Business Must Take

Over the next three articles, we will be covering twelve areas that every business must secure to protect itself from cyberthreats. We’ll look at four areas in each article so that we complete the series by the end of the year. These articles will cover “what” must be protected. In 2020, we’ll schedule a webinar or workshop to cover the “how.” In this way, every chamber member will have the opportunity to learn what to do and how to do it, to ensure some semblance of security, no matter how big or small the organization is.

Let’s start with a definition of cybersecurity: Cybersecurity is the protection of computer systems from theft and damage to the hardware, software or information, as well as from the disruption or misdirection of business services.

Cybersecurity area #1: password management

The importance of having strong passwords cannot be overstated. Not only are strong passwords a must but the management of those passwords is also critical. Too often we’ve heard, “but they’re too hard to remember” or “I can’t track all those passwords.”

Too often we’ve seen notebooks with login names and passwords written out for the entire office to see and sticky notes under keyboards or beneath the desk drawer. This is an invitation to an intruder.

Strong password guidelines might include the following:

  • 12-16 characters
  • 4-6 special characters
  • 4-6 numbers
  • Do not reuse the same password on different accounts
  • Do not use special characters or numbers as substitutes to spell out a word you can easily remember (e.g., “P@ssw0rd”); password-cracking tools try those substitutions automatically

Such passwords may seem impossible to remember and track, but they are far harder to guess or crack than the ones most people choose. The next step is a password management application. Think of this application as a password vault which holds the URLs of the websites you’re logging into, your usernames and “strong” passwords, and any other pertinent information. The vault can also protect other data, such as credit card numbers, bank information and anything else you need to access your assets. Most vaults will also generate random passwords that meet the guidelines above, so you never have to invent or type them. Now you only need to remember two strong passwords: one for your computer and a different one for your vault. Because the vault protects everything else, give it the strongest password you use anywhere and turn on multi-factor authentication for it (see area #2).
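As an added illustration that is not part of the original article, the following Python script shows the two things a password manager does for you: it generates a random password that satisfies the guidelines above using the operating system’s cryptographic random source, and it checks a candidate password against those same guidelines, including the rule against spelling out a memorable word with substitutions. The word list and substitution table are constructed for this example and are far smaller than what a real checker (or an attacker’s cracking tool) would use.

```python
import secrets
import string

# Policy from the article: 12-16 characters, 4-6 special characters,
# 4-6 digits, and no special characters or digits used to spell out a
# word you can easily remember.
MIN_LEN, MAX_LEN = 12, 16
MIN_SPECIAL, MAX_SPECIAL = 4, 6
MIN_DIGIT, MAX_DIGIT = 4, 6
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"

# Constructed toy word list for the example; a real checker would use a
# full dictionary plus passwords seen in breaches.
COMMON_WORDS = {"password", "welcome", "letmein", "company", "admin",
                "secret", "summer", "winter", "monkey", "dragon"}

# Common "leetspeak" substitutions that cracking tools try automatically.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})


def check_policy(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} not in {MIN_LEN}-{MAX_LEN}")
    n_special = sum(c in SPECIALS for c in password)
    if not MIN_SPECIAL <= n_special <= MAX_SPECIAL:
        problems.append(f"{n_special} special characters, need {MIN_SPECIAL}-{MAX_SPECIAL}")
    n_digit = sum(c.isdigit() for c in password)
    if not MIN_DIGIT <= n_digit <= MAX_DIGIT:
        problems.append(f"{n_digit} digits, need {MIN_DIGIT}-{MAX_DIGIT}")
    # Undo the substitutions an attacker would undo, keep only letters,
    # and look for a memorable word hiding inside.
    letters = "".join(c for c in password.translate(LEET).lower() if c.isalpha())
    for word in sorted(COMMON_WORDS):
        if word in letters:
            problems.append(f"spells out '{word}' with substitutions")
    return problems


def generate_password(length=16, n_special=4, n_digit=4):
    """Generate a random password that satisfies check_policy().

    Uses the secrets module (the OS cryptographic generator), not the
    random module, which is predictable and must never be used for
    passwords or keys.
    """
    if length - n_special - n_digit < 1:
        raise ValueError("length too short for the requested specials and digits")
    while True:
        chars = ([secrets.choice(SPECIALS) for _ in range(n_special)]
                 + [secrets.choice(string.digits) for _ in range(n_digit)]
                 + [secrets.choice(string.ascii_letters)
                    for _ in range(length - n_special - n_digit)])
        # Fisher-Yates shuffle driven by the same generator, so the
        # required specials and digits do not always sit at the front.
        for i in range(len(chars) - 1, 0, -1):
            j = secrets.randbelow(i + 1)
            chars[i], chars[j] = chars[j], chars[i]
        candidate = "".join(chars)
        # Astronomically unlikely, but re-draw if the random letters
        # happen to spell one of the listed words.
        if not check_policy(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("P@ssw0rd!!2019", "Tr0ub4dor&3", generate_password()):
        print(f"{pw!r}: {check_policy(pw) or 'OK'}")
```

Running it shows “P@ssw0rd!!2019” rejected both for too few special characters and for spelling out “password”, while the generated value passes every rule. The point of the loop in `generate_password` is that a human never has to think up a password that satisfies the rules; the vault does it.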

Cybersecurity area #2: multi-factor authentication (MFA)

Multi-factor authentication (MFA) is one of the easiest ways to further protect your assets. Single-factor authentication, typically the password provided with your username, means that you have only one way to “authenticate” your identity. MFA means that you must prove it is really you with two or more independent kinds of evidence: something you know (a password or PIN), something you have (a phone, smart card or security key) or something you are (a fingerprint or face scan).

By requiring this additional information, you are further protecting your asset should your password ever be compromised. Passwords can be captured through phishing emails (to be discussed in another article), by utilizing fake website URLs, phony social networks, password cracking routines and by other means. Once a password has been compromised, all your assets protected by that password are at risk.

An example of a second authentication factor is a one-time code generated by an authenticator app on your phone or sent to you in a text message or email, which you enter after your password has been accepted. Other examples include a smart card or a hardware security key that you plug in or tap. Two cautions: a pre-defined challenge question (e.g., what was your first pet’s name) is another “something you know,” not a second factor, because it can be phished, guessed or looked up just like a password; and codes sent by text or email are only as strong as the phone number or mailbox they are sent to, so an authenticator app or a hardware key is the better choice where it is offered.

If your password is compromised, MFA presents an additional line of defense to block a hacker. If the option exists to have multiple levels of authentication, use it.
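As an added example that is not part of the original article, here is the time-based one-time password algorithm (RFC 6238) that authenticator apps implement, written in Python. The phone and the server share a secret; both derive a short code from that secret and the current 30-second time window; the server checks the submitted code in constant time and tolerates one window of clock drift. The secret below is the RFC’s own published test secret, used so the output can be checked against the RFC; a real deployment provisions a random secret per user.

```python
import hashlib
import hmac
import struct
import time

# RFC 6238 test secret (ASCII "12345678901234567890"). Real systems
# generate a random secret per user and show it once as a QR code.
TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC the 8-byte big-endian counter, then truncate.

    The low nibble of the last MAC byte picks a 4-byte window; its top
    bit is cleared and the result reduced modulo 10**digits.
    """
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6, step=STEP_SECONDS):
    """RFC 6238 TOTP: HOTP with the counter = time window number."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, submitted, unix_time=None, digits=6, window=1):
    """Server-side check accepting the current window +/- `window` steps.

    hmac.compare_digest prevents a timing side channel on the comparison.
    A production server would also remember the last accepted counter so
    the same code cannot be replayed within its window.
    """
    if unix_time is None:
        unix_time = time.time()
    counter = int(unix_time) // STEP_SECONDS
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, digits), submitted):
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(TEST_SECRET, now)
    print("current code:", code)
    print("accepted now:", verify_totp(TEST_SECRET, code, now))
    print("accepted two minutes later:", verify_totp(TEST_SECRET, code, now + 120))
```

Because the code is computed on the phone from the shared secret and the clock, it never crosses the carrier’s text-message network, which is why an authenticator app is preferable to a text message. A code also stops being valid within a minute or so of being issued, as the last line of the script shows.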

Cybersecurity area #3: end-point-protection

End-points are the actual components you are trying to protect: servers, desktops, laptops and mobile devices, as well as network components, applications, databases, etc. In ITIL® terms, these items are known as configuration items (CIs). There is much to say about end-point-protection, but for our simplified discussion let’s focus on anti-virus/anti-malware software. This is the software we load on our systems to constantly monitor for viruses and other malicious code that attempt to harm our end-points. The software must be loaded, running and regularly updated to protect your assets against known attacks; it recognizes threats largely from signatures and behaviors it has already been taught, so an out-of-date copy misses whatever has appeared since its last update.

Cybersecurity area #4: patches & updates

It’s critical to keep your operating system, applications and anti-virus software updated and at the latest patch levels. Patches and updates fix known bugs, close known vulnerabilities and replace code that has been found to be compromised, and attackers routinely target systems that have not yet applied fixes that are already public. Many updates can be automated and do not require manual intervention, but automation is not the same as confirmation: check periodically that updates are actually being applied, and remember that network components such as routers and firewalls often have to be updated by hand. Be sure your systems and network components are updated regularly to be as secure as they can be.

Conclusion

The goal of this article was to introduce the first four areas that every business must consider to protect itself from cyberthreats, and to ask the reader to consider whether these areas have been addressed in their own organization. If you believe there are deficiencies in any of the areas, reach out to your Cybersecurity Professional and get the help you need to keep cybertheft to a minimum. If you don’t know who to reach out to, reach out to me. I’ll get you pointed in the right direction.

For next time

Be on the lookout for the next two articles where we’ll hit the other eight items of the Cybersecurity Definite Dozen!

Mike Battistella is the President of Solutions3 LLC, an IT Management Company focusing on cyber security management, network & systems management, IT service management, critical notification management and technical & soft skill training.