Highland House Cyber Knowledge Center

Welcome to the Highland House Knowledge Center. In this section you will find useful information about the risks we face in the digital world and how to educate ourselves against cybercrime. Buy one of our plans and stay protected.
Cybersecurity best practices
It's easy to think that because you have a small business, cybercriminals will leave your business alone. The “not much to steal” mentality is common among small business owners when it comes to cyber security, but it is also completely wrong and out of sync with current cyber security best practices.
In reality, the US Congressional Small Business Committee found that 71 percent of cyberattacks occurred at companies with fewer than 100 employees. Even more concerning, Ponemon and Keeper's 2016 SMB Cybersecurity Status Report found that 50 percent of SMBs have had a security breach in the past year.
But why are small businesses targeted more often than large ones? Almost all cyberattacks aim to obtain personal data for use in credit card or identity theft. While larger companies typically have more data to steal, smaller companies have less secure networks, making them easier to breach. The IDG CSO.com article "Why Criminals Pick on Small Businesses" says that by using automated attacks, cybercriminals can breach thousands of small businesses or more, making size less of an issue than network security.
How can your company avoid being the victim of a cyber attack? Here are 8 business cybersecurity best practices that you can start implementing today.
Use a firewall
One of the first lines of defense in a cyber attack is a firewall. The Federal Communications Commission (FCC) recommends that all SMEs install a firewall to provide a barrier between their data and cyber criminals. In addition to the standard external firewall, many companies are beginning to install internal firewalls to provide additional protection. It is also important that employees who work from home install a firewall on their home network. Consider providing firewall software and home network support to ensure compliance.
Document your cybersecurity policies
While small businesses often operate by word of mouth and with intuitive insight, cybersecurity is an area where documenting your protocols is essential. The Small Business Administration (SBA) cybersecurity portal provides online training, checklists, and specific information to protect businesses online. FCC Cyberplanner 2.0 provides a starting point for your security document. Also consider participating in the Voluntary C3 Small Business Program, which contains a detailed toolkit for determining and documenting cybersecurity best practices and policies.
Plan for mobile devices
With 59 percent of companies currently allowing BYOD, according to Tech Pro Research's 2016 report "BYOD, Wearables and IoT: Strategies Security and Satisfaction," it is essential that companies have a documented BYOD policy that focuses on security precautions. With the growing popularity of wearable devices such as wireless-enabled smart watches and fitness trackers, it is essential to include these devices in a policy. Norton by Symantec also recommends that small businesses require employees to configure automatic security updates and that the company's password policy apply to all mobile devices accessing the network.
Educate all employees
Employees often have many roles in SMBs, so it is essential that all employees accessing the network are trained in network cybersecurity best practices and security policies.
Since policies are evolving as cyber criminals get smarter, having regular updates on new protocols is essential. To hold employees accountable, have each employee sign a document stating that they have been informed of the policies and understand that action can be taken if they do not follow the security policies.
Enforce strong password practices
Yes, it is difficult for employees to change passwords. However, the 2016 Verizon Data Breach Investigations Report found that 63 percent of data breaches occurred due to lost, stolen, or weak passwords. According to the Keeper Security and Ponemon Institute Report, 65 percent of SMBs with password policies do not enforce them. In today's BYOD world, it is critical that all employee devices accessing the company network are password protected.
In the Business Daily article "Cybersecurity: A Small Business Guide," Bill Carey, vice president of marketing and business development for Siber Systems, recommended that employees be required to use passwords with uppercase and lowercase letters, numbers, and symbols. He says SMBs should require that all passwords be changed every 60 to 90 days.
Back up all data regularly
While it is important to prevent as many attacks as possible, it is still possible to be breached regardless of your precautions. The SBA recommends backing up your word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable / payable files. Also make sure to back up all data stored in the cloud. Make sure backups are stored in a separate location in case of fire or flood. To make sure you have the latest backup if you ever need it, check your backup regularly to make sure it is working properly.
Install anti-malware software
It's easy to assume that your employees know they should never open phishing emails. However, the 2016 Verizon Data Breach Investigations Report found that 30 percent of employees opened phishing emails, a 7 percent increase from 2015. Since phishing attacks involve installing malware on the employee's computer when the link is clicked, it is essential to have anti-malware software installed on all devices and the network. Since phishing attacks often target specific roles of SMB employees, use the job-specific tactics described in the Entrepreneur.com article “5 Types of Employees Often Targeted by Phishing Attacks” as part of your training.
Use multifactor identification
Regardless of your preparation, an employee is likely to make a security mistake that could compromise your data. In the PC Week article "10 Cybersecurity Steps Your Small Business Should Take Right Now," Matt Littleton, Azure Regional Director of Cybersecurity and Infrastructure Services at Microsoft, states that using the multi-factor identification settings in most major email and network products is easy to do and provides an extra layer of protection. He recommends using employee cell phone numbers as a second factor, as a thief is unlikely to have both the PIN and the password.
Security is a moving target. Cybercriminals advance every day. To protect your data as much as possible, it is essential that each and every employee make cyber security a top priority. Most importantly, stay on top of the latest attack trends and the latest prevention technology. Your business depends on it.
10 Cybersecurity Best Practices Every Employee Should Know
If you are an employee, you are on the front line of information security. Your company may have comprehensive cybersecurity policies for you and your coworkers to follow. But even with these protections, it's important to stay vigilant to help ensure your company's data and network is safe and secure.
Does it make a difference working for a small or medium-sized company? Hackers often target large organizations, but smaller organizations can be even more attractive. Why? Cybercriminals may think that small businesses have fewer controls and could be easier to infiltrate.
Your business may have the best security software and the most comprehensive office policies, but your actions play an important role in helping keep data safe. Consider this: a single employee could make a mistake by sharing confidential company information on their smartphone or clicking on a corrupt link, and that could lead to a data breach.
When you work in a small or medium-sized business, it's smart to learn about cybersecurity best practices. By educating yourself on the little things that contribute to cybersecurity, you can go a long way toward protecting your organization.
10 best cybersecurity practices
Cybersecurity best practices encompass some of the general best practices, such as being cautious when engaging in online activities, following company rules, and asking for help when you find something suspicious. Here's a more in-depth look at the top 10 business cybersecurity best practices that all employees should know and follow.
Protect your data
In your daily life, you probably avoid sharing personally identifiable information like your Social Security number or credit card number when answering an unsolicited email, phone call, text message, or instant message. It is important to use the same caution at work. Be aware that cybercriminals can create legitimate-looking email addresses and websites. Scammers can falsify caller ID information. Hackers can even take over company social media accounts and send seemingly legitimate messages.
It may seem obvious, but it is important not to leak your company's data, confidential information, or intellectual property. For example, if you share an image online that shows a whiteboard or computer screen in the background, you could accidentally reveal information that someone outside the company shouldn't see.
Similarly, be careful to respect the intellectual property of other companies. Even if it is accidental, sharing or using the intellectual property or trade secrets of other companies could cause problems for you and your company.
Your company can help protect your employees, customers, and data by creating and distributing business policies that cover topics such as how to destroy data that is no longer needed and how to report suspicious emails or ransomware.
Avoid pop-ups, unknown emails, and links
Beware of phishing. Phishers try to trick you into clicking a link which may result in a security breach.
Phishers prey on employees in the hopes that they will open pop-ups or other malicious links that could have embedded viruses and malware. This is why it is important to be careful with links and attachments in emails from senders you do not recognize. With just one click, you could allow hackers to infiltrate your organization's computer network.
Here's a rule of thumb to follow: never enter personal or company information in response to an email, pop-up web page, or any other form of communication that you didn't initiate. Phishing can lead to identity theft. It is also the way most ransomware attacks occur. 
Your company can help by employing email authentication technology that blocks these suspicious emails. Usually, you will be notified that the email was sent to a quarantine folder, where you can check if it is legitimate or not.
Be cautious. If you are unsure of the legitimacy of an email or other communication, always contact your security department or security leader.
Use strong password authentication and protection
Strong and complex passwords can help prevent cyber thieves from accessing company information. Simple passwords can make access easier. If a cybercriminal discovers your password, it could give them access to the company network. Creating complex and unique passwords is critical.
A strong password contains at least 10 characters and includes numbers, symbols, and uppercase and lowercase letters. Businesses should also ask you to change your passwords regularly. Changing and remembering all your passwords can be challenging. A password manager can help.
Businesses may also require multi-factor authentication when trying to access sensitive network areas. This adds an extra layer of protection by asking you to take at least one additional step, such as providing a temporary code that is sent to your smartphone, to log in.
Connect to a secure Wi-Fi network
Office Wi-Fi networks must be secure, encrypted, and hidden. If you are working remotely, you can help protect your data by using a virtual private network, if your company has one. A VPN is essential when working outside of the office or on a business trip. Public Wi-Fi networks can be dangerous and leave your data vulnerable to being intercepted.
But keep in mind that some VPNs are more secure than others. If your business has a VPN that you trust, make sure you know how to connect and use it. Norton Secure VPN provides powerful VPN protection that can help keep your information private on public Wi-Fi networks.
Enable firewall protection at work and at home
Having a firewall for your company network and your home network is a first line of defense to help protect data against cyberattacks. Firewalls prevent unauthorized users from accessing your websites, mail services, and other sources of information that can be accessed from the web.
Don't just rely on your company's firewall. Install one on your home network if you work from home. Ask your company if they offer firewall software.
Invest in security systems
Smaller businesses may be hesitant when considering the cost of investing in a quality security system. That generally includes protections like strong malware and antivirus detection, external hard drives backing up data, and running regular system checks. But making that investment early could save businesses and employees from the potential financial and legal costs of being breached.
All the devices you use at work and at home should be protected by robust security software. It is important for your company to provide data security in the workplace, but alert your IT department or information security manager if you see anything suspicious that may indicate a security problem. There may be a bug in the system that the company needs to patch or fix. The sooner you report a problem, the better.
Install security software updates and back up your files
Following IT security best practices means keeping your security software, web browsers, and operating systems up to date with the latest protections. Anti-virus and anti-malware protections are frequently reviewed to target and respond to new cyber threats.
If your company sends instructions for security updates, install them immediately. This also applies to personal devices you use at work. Installing updates quickly helps defend against the latest cyber threats.
Cyber threats often target your data. That's why it's good practice to protect and back up your files in the event of a data breach or malware attack. Your company likely has rules about how and where to back up your data. Important files can be stored offline, on an external hard drive, or in the cloud.
Talk to your IT department
Your IT department is your friend. Contact your company's support team about information security. You may have a lot to talk about. 
It's a good idea to work with IT if something like a software update has a problem. Don't let a simple problem get more complex when you try to "fix" it. If you're not sure, IT can help.
It's also smart to report security warnings from your Internet security software to IT. They may not be aware of all the threats that occur. 
It is also important to keep in touch when you travel. Please inform your IT department before you go, especially if you are going to use a public Wi-Fi network. Have a nice trip, but don't forget your VPN.
Remember to make sure IT is, well, IT. Beware of tech support scams. You may receive a phishing email from someone claiming to be from IT. The goal is to trick you into installing malware on your computer or mobile device, or providing sensitive data. What to do? Do not provide any information. Instead, contact your IT department immediately.
Employ third-party controls
Here is a fact that might be surprising. It is common for data breaches to start from within companies. That is why organizations must consider and limit employee access to customers and customer information.
You may be an employee in charge of accessing and using the confidential information of clients, customers, and other employees. If so, be sure to implement and follow company rules on how confidential information is stored and used. If you are in charge of protecting printed or hard copies, you are the defender of this data against unauthorized third parties.
Companies and their employees may also have to monitor third parties, such as consultants or former employees, who have temporary access to the organization's computer network. It is important to restrict third party access to certain areas and remember to disable access when they finish work.
Embrace education and training
Smart companies take the time to train their employees. Your responsibility includes knowing your company's cybersecurity policies and what is expected of you. That includes following them. If you are not sure about a policy, ask.
Here is an example. Maybe you wear a smartwatch at work. It is important to protect personal devices with the most up-to-date security. You'll also want to know and follow your company's Acceptable Electronic Use (AEU) policy. When bringing your own device, also known as BYOD, ask your IT department if your device has permission to access corporate data before uploading anything to it. Always make sure to use authorized applications to access confidential documents.
A little technical knowledge also helps. Learning the process for allowing IT to connect to your devices, along with basic computer hardware terms, is helpful. That knowledge can save you time when you contact support and they need quick access and information to resolve a problem. 
If you want to back up your data to the cloud, be sure to speak with your IT department first for a list of acceptable cloud services. Organizations can include this in their AEU policy. Violation of the policy may be grounds for dismissal.
You can prevent a data breach
Having the right knowledge, such as the Top 10 Cybersecurity Best Practices Every Employee Should Know, can help reduce your company's breach vulnerabilities. Remember: a single click on a corrupted link could let a hacker in. A single failure to fix a flaw quickly could leave your employer vulnerable to a cyber attack.
It's part of your job to engage in safe behavior online and to contact your IT department when you find something suspicious or need help.
Staying on top of these cybersecurity practices could be the difference between a secure company and one that a hacker could target.