- 5 Steps for Bringing Cybersecurity to the Forefront of Your Company - October 16, 2020
The pandemic has caused the “normal” course of businesses across all industries to shift, with many companies working from home and now remotely accessing corporate networks and data. And with it, many companies are now making their precious data available remotely.
Unlike the way we work, the world of cybercrime hasn’t changed. Before the pandemic, Webroot observed a 640 percent increase in phishing attempts and a 125 percent increase in malware. Those numbers have only been exacerbated due to the distributed workforce: small- to medium-sized businesses continue to be a premium target for cybercrime attacks.
So, what can entrepreneurs do make their companies resilient, keeping their data safe in the new normal of the remote world?
StartupNation exclusive discounts and savings on Dell products and accessories: Learn more here
No business is too small to face a security crisis
Cybersecurity has often fallen to the bottom of the budget bucket as entrepreneurs pay attention to other pressing concerns. However, entrepreneurs now realize that no business is too small to fall pray to an attack: 75 percent of SMBs now agree that there should be more emphasis placed on security within their organization.
They’re right: it is no longer a matter of if a cyberattack or disaster will happen, but matter of when.
Now, the pressure is on company IT and security teams to prepare and deliver plans that will mitigate any issues from unexpected situations, like the current pandemic, natural disasters, etc. What your business needs is a cyber resilience plan that protects your IT infrastructure and data regardless of the crisis, human error or natural disaster.
Five steps to build a solid cyber resilience strategy
A cyber resilience strategy brings together cybersecurity and data protection, providing a comprehensive approach that establishes multiple layers of control, defending your business against any type of attack.
The goal is to provide redundancy in the event that a security control fails, or a vulnerability is exploited. The core elements of cyber resilience are to train, block, protect, backup and recover.
Entrepreneurs can take the following steps to build a resilient data infrastructure:
Create a culture of cybersecurity through education
Education is the first stepping stone in any resilience plan. Your team has to know and understand the potential threats they could face from things like deceptive emails, attachments and web links. Cyberattack methods are becoming more sophisticated, so it’s important to educate your team members on what to watch out for and what kinds of malicious behaviors to avoid.
That’s why security awareness trainings are paramount to ensure all of your team members understand his or her role in data protection, and to establish a culture where security is understood as a shared responsibility.
Ongoing training and simulations will help ensure your team doesn’t fall prey to scams that put the entire company at risk.
Advanced threats require advanced internet security and threat intelligence
Online security basics are sometimes dismissed when organizations think they are unimportant compared to other day-to-day activities or precautions. Antivirus has been deemed as part of that list, as some entrepreneurs essentially set it and never revisit or update. As cyber threats evolve daily, antivirus becomes a key layer of defense against cyberattacks.
Your security and IT teams should start by auditing your company’s current antivirus platform. Then, take it to the next level with endpoint security to protect all devices and applications used to access network data.
Advanced security features like global location tracking, remote locking and remote wipe enables your business to protect sensitive data, should those assets end up in the wrong hands.
Backup and disaster recovery
Entrepreneurs need to know their data, including its value and what is most important. An audit should be the first step. Know what critical information your team members have, where it lives and how it is organized and accessed.
Then, your team can choose a data backup and disaster recovery system. It’s also important to think about implementing automation to minimize disruption. Automated cloud data backup systems, for example, provide easy and fast recovery, ensuring day-to-day information is available and secured.
Keeping the lights on: The 3-2-1 golden rule
To keep your startup’s data safe and accessible at all times, we recommend the following 3-2-1 golden rule:
- Keeping three copies of your data, one original file and two backups.
- Choosing two different storage types to mitigate the failure of one of them.
- Maintaining one copy of your data offsite.
The end goal is to have multiple copies in different locations, leaving no single point of failure.
Testing and adapting
How do you know if everything you’ve set forth in your plan works? You don’t want to wait until an issue arises to know whether or not what you’ve set in place works.
Testing the procedures you’ve set in place is the best way to know if there are any issues, making sure your plan will function in the event of a potential disaster. As best practice, test your procedures once every quarter or, at a minimum, once a year.
Moving beyond the pandemic into full cyber resilience
Moving beyond the current COVID-19 pandemic, it is critical that your business ensure the protection of its data while preparing for the future new normal.
No matter the company size, cyberattacks will continue to rise. Taking simple steps toward cyber resilience today is paramount in protecting your business in the long run. Many lessons learned during the pandemic will be applicable to other potential crises, from natural disasters to cyberattacks, and startups need to be ready to face these attacks head on in order to keep the lights on.