Cybersecurity is the technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. You may think that your business will not be a likely victim but the risk is not limited to businesses that sell products and handle credit card information and it’s not just large companies that are targeted. If your business collects, processes, and stores data on computers and other devices, you are at risk. Protecting your company and its information needs to be a top priority. There are a number of safety measures you can take to ensure that your systems, data and site are as secure as possible.
- Train your employees: Establish basic cybersecurity practices and policies for your company and train all employees regarding these. Inform employees regarding all security issues. Have a clear email and Internet use policy. Provide regular updates on new protocols and conduct regular training sessions to review IT security best practices. Create a culture of cybersecurity awareness.
- Secure your network, database and website: Install the latest anti-malware, antivirus, spam blockers, spyware detection and anti-ransomware software. Consider using a service like PayPal to process payments and protect customer information.
- Establish safe passwords and authentication practices: Data breaches often happen due to lost, stolen, weak or easy to guess passwords. Consider a Password Manager App, a software application designed to store and manage online credentials in an encrypted database. Multi-factor authentication that requires additional information to gain entry is another possibility. Change passwords every 3 months. Give employees access to only the specific data systems that they need for their jobs and require permission before installing any software. No one employee should have access to all data systems.
- Implement penetration testing: Penetration testing involves hacking into your own system to expose vulnerabilities in your host network and network devices. It identifies problematic access points in your system and provides suggestions for hardware and software improvements to upgrade your security.
- Provide firewall security: Install a firewall on all devices; a set of programs that prevent outsiders from accessing data on a private network. If employees work from home, ensure that their home systems are firewall protected. Firewalls give you the best chance of protecting your site before an attack is successful and they result in a faster and safer website. Many companies install internal firewalls to provide additional protection.
- Do private browsing with a VPN (virtual private network): Business owners/employees often use temporary workplaces and remote locations (coffee shop, airport, home office) increasing the risk of outsiders gaining access to business data. A VPN creates an encrypted connection between your computer and the remote private network making it necessary to have the key to decode information. Your data can’t be monitored, tracked, collected and stored.
- Create a mobile device action plan: Mobile devices (laptops, tablets, USB drives, smartphones) create a security risk for your company. Require employers to have password protection, encryption software, and a remote lock and wipe app.
- Encrypt your emails: Email messages and attachments are not a safe way to send confidential/sensitive information. Email encryption software ensures that only the sender and recipient can read the email/attachment thus preventing data breaches. The email contains a hyperlink to a website controlled by the sender.
- Subscribe to a Cloud service; an easy and affordable way to get data security from a company that specializes in handling security threats.
- Backup business data and information: Automatically backup critical data (word processing documents, electronic spreadsheets, databases, financial files, human resources files, accounts receivable/payable files) and store the copies offsite or in the cloud. Check your backup regularly to ensure that it is functioning correctly.
- Outsource your IT: A third-party IT provider hires and trains the best security people, gives you a set monthly fee, remotely manages your servers (24/7) and responds to emergencies.
- Dispose of data safely: When disposing of outdated computers, completely destroy the data on the hard drive by using a wiping/degaussing system and then physically destroying it with a hard-drive shredder or crusher.
- Secure your Wi-Fi network: Set up a wireless access point/router that is secure, encrypted and hidden. Password protect access to the router.
- Talk to your professional accountant to ensure that your information is protected on their end.
Increase your vigilance regarding online security in order to protect your intellectual property, financial data, personal information, or other types of data from unauthorized access or exposure. Undertake proactive measures to protect your business computer, network, data, and website. Be aware of recent attacks and adjust your protection as needed. Stay ahead of cyber attacks, cybercriminals and emerging trends in cybercrime. The Canadian Center for Cyber Security provides online training, checklists, and information specific to protect online businesses.
Concerned about the safety of your company’s information? Want an accountant versed in cybersecurity? Contact Cook and Company Chartered Professional Accountants. Whether you operate a sole proprietorship or a sizable corporation with multiple subsidiaries, Cook and Company uses their experience and expertise to help your business. Contact us for a complimentary consultation.