As 2022 grows closer, cybersecurity planning has become priority one for companies large and small.
If your plan isn’t ready yet, now is the time to get to work. By developing a solid Cybersecurity Plan now, you can help your business navigate the persistent security challenges and achieve the success you’re looking for in 2022.
This past year has been rough for many companies and industries. Computer hacks, ransomware, malware, and cybercrime throughout the country seemed relentless. Not to mention a global pandemic. There are no guarantees about what’s ahead, but the smartest way to be prepared and defend against cyberattacks is to take a strategic approach to cybersecurity. When you align your security controls with your business goals, the effort goes where the risk actually is, and the end result is a stronger cybersecurity position.
Cybersecurity is for everyone. It isn’t reserved for enterprise-sized corporations that collect huge sets of data and personal information. Every company that relies on the internet must be aware of today’s cybersecurity risks and take steps to mitigate vulnerabilities.
Components of a Solid Cybersecurity Plan
1. Framework for a Cybersecurity Plan
Decide who will be responsible for developing, implementing, and enforcing the cybersecurity policy.
- Even if you use an MSP such as VAZATA to implement cybersecurity, you still need someone in senior management to serve as point person with the authority to make high-level decisions. This could be critical in case of a breach where quick, decisive action is needed to diminish loss.
- Document steps. The more comprehensive you are, the better prepared your company will be in the event of a breach or cyberattack. Clearly lay out your goals, commitments, plans and procedures.
- Clearly define roles, from CEO to entry-level, and their responsibilities.
- Communicate and distribute the policies to your personnel; ensure they acknowledge receipt and understanding, as well as any consequences for violating policy procedures.
2. Review & Implement Your Existing Security Policies
You may already have several “lower tier” security policies in place, such as an Acceptable Use Policy and an Internet Access Policy. These set out specific rules employees must follow to help protect your network’s security.
- If you don’t have these in place, create them.
- These policies cover use of company laptops, cell phones, email procedures, internet usage, remote access, and employee-owned devices.
- Plan on reviewing these policies yearly to ensure they keep up with new technology, new ways of working (remote access, personal devices), and new threats.
- Set up training for employees as needed.
3. Employee Education on Cybersecurity
Your policies will work only if your employees understand and adhere to them. In addition to the points above, here are three smart action items:
- Educate your employees about email phishing scams. The more they know about how phishing scams work, the safer your digital assets will be.
- Educate them on how attackers are most likely to get into your system. Many times it’s something as simple as an ignored security patch: unpatched software leaves a known vulnerability in place for an attacker to exploit.
- Make sure your employees know what to do if they think there is any type of security breach. Who do they alert? Define your internal escalation process and practice it with your employees.
4. Physical Security Helps Ensure Cybersecurity
With all the focus on protecting digital assets, it is easy to overlook the steps needed to protect the physical devices that hold your data.
- Is your data center secure? Is it housed in a location where only authorized personnel can get in and out? Don’t forget to check that list of personnel periodically to ensure that ex-employees no longer have access.
- Is your office space secure? How easy is it for “the public” to come in and walk around? Laptops, cell phones, and USB drives can be swiped under your nose, and with them, access to your network.
- If your employees take devices home or travel with them, how secure is each device? Do your employees know to use only trusted Wi-Fi networks (or the company VPN on untrusted ones)? Is the device password protected, and is its storage encrypted so a lost or stolen laptop does not expose the data on it?
5. Develop Password Policies
While you may find yourself frustrated at the complexities of creating and remembering an acceptable password for the different applications you use in your daily personal life, there is of course, a good reason for it. You need to be doing the same thing for your business.
- Implement a password policy. Employees should be using long, random passwords or passphrases (at least 10 characters; longer is better) to log in to their devices and to any linked business accounts. Length and uniqueness matter more than forced mixes of symbols and digits.
- Require a password change when there is evidence of compromise (a breach notice, a phishing incident, a departing administrator). Forced changes on a fixed calendar are no longer recommended by NIST SP 800-63B, because they push people toward predictable variations of the old password.
- Add two-factor authentication to regularly accessed accounts. The second factor must be something other than another piece of knowledge: an authenticator app code, a hardware security key, or a biometric such as a fingerprint. A “secret question” or a PIN is just a second password and does not count.
- Do not store passwords in spreadsheets or word documents; anyone who opens the file has every credential in it. Look into a password manager for your employees who need access to linked accounts. It acts like a vault, filling passwords into the sites the employee has been cleared for without the employee needing to see or retype them, and it makes a unique password per site practical.
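The password rules above are easy to state and easy to get wrong in code. The following is an added example (not VAZATA’s code, and not from the original post) showing how a password policy of this kind can be enforced: a minimum length without a short maximum, a check against a breached-password list, rejection of the account name inside the password, and no composition or calendar-expiry rules. It also generates random passphrases with a cryptographic RNG. The breached-password set, the word list, and the `check_password`/`generate_passphrase` names are constructed for illustration; a real deployment would use a large breach-derived list and a word list of several thousand entries.

```python
"""Password-policy checks and a passphrase generator (added example).

The blocklist, word list and policy numbers below are constructed for
illustration, not taken from any real deployment.
"""
import math
import secrets
import unicodedata

MIN_LENGTH = 10          # the post's floor; longer is better
MAX_LENGTH = 128         # generous cap; never silently truncate input

# Constructed sample of a breached-password blocklist. In production this
# would be a large corpus derived from real breach data.
BREACHED = {"password", "123456", "qwerty", "letmein", "welcome1",
            "password1", "iloveyou", "admin123"}

# Constructed word list. Only 25 entries, so passphrases drawn from it are
# weak (about 18.6 bits for four words); a real list has thousands of words.
WORDLIST = ["anchor", "basil", "cobalt", "dune", "ember", "falcon", "glacier",
            "harbor", "iris", "juniper", "kestrel", "lantern", "marble",
            "nectar", "orchid", "pebble", "quartz", "ridge", "saffron",
            "tundra", "umber", "velvet", "willow", "yarrow", "zephyr"]


def normalize(pw: str) -> str:
    """NFKC-normalize so visually identical input compares equal."""
    return unicodedata.normalize("NFKC", pw)


def check_password(candidate: str, username: str = "") -> list[str]:
    """Return the list of policy violations; an empty list means accepted."""
    pw = normalize(candidate)
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if pw.lower() in BREACHED:
        problems.append("appears in breached-password list")
    if username and username.lower() in pw.lower():
        problems.append("contains the account name")
    if len(set(pw)) < 4:
        problems.append("too few distinct characters")
    # Deliberately absent: "must contain a digit and a symbol" rules and
    # calendar-based expiry. Both steer users toward predictable patterns
    # such as Summer2022!, which this checker would still accept unless the
    # blocklist is large enough to contain it.
    return problems


def generate_passphrase(words: int = 4, sep: str = "-") -> str:
    """Random passphrase using the CSPRNG in the secrets module."""
    return sep.join(secrets.choice(WORDLIST) for _ in range(words))


def passphrase_entropy_bits(words: int = 4) -> float:
    """Entropy of a passphrase drawn uniformly from WORDLIST."""
    return words * math.log2(len(WORDLIST))


if __name__ == "__main__":
    for pw in ["password1", "Summer2022!", "correct horse battery staple"]:
        print(f"{pw!r}: {check_password(pw, 'jsmith') or 'OK'}")
    phrase = generate_passphrase()
    print(f"{phrase!r}: {check_password(phrase) or 'OK'}",
          f"({passphrase_entropy_bits():.1f} bits from this small list)")
```

Run it and note that `Summer2022!` passes: length and distinct-character checks cannot recognise a human-predictable pattern, which is why the breached-password list, not a symbol-and-digit rule, is the control that does the real work.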
Watch for Part 2 of Planning Ahead: Is Your Cybersecurity Plan for 2022 Ready to Roll? on our next blog. We’ll share more important tips on creating a strategic Cybersecurity Plan for 2022. Meantime, if you have questions, contact VAZATA about how to protect your business from cybercrime all year round.