Cybercrime remains one of the top threats to your business as hackers continually come up with new and more sophisticated ways to target the sensitive data of your organization and employees.
In fact, 2020 was a record-breaking year for data lost in security breaches and overall numbers of cyberattacks, according to a March Forbes report.
This is all a reminder of the need to conduct cybersecurity assessments and always be vigilant in protecting your sensitive information. Jenna Marceau, Syndeo’s Chief Information Officer, says now is a good time to start a clean-up process and review your organization’s “cyber hygiene,” regardless of whether your company had cybersecurity policies and procedures in place before the COVID-19 pandemic.
Her insight on cybersecurity assessments is featured in the April edition of PEO Insider, an HR trade publication of the National Association of Professional Employer Organizations.
Quality, high-performing employees are your organization’s most important asset. However, they also may be one of your biggest liabilities when it comes to cybersecurity.
Marceau says phishing attempts, phone calls from fictitious support providers and fake Wi-Fi networks make it easy for an employee to fall for a scam, often innocently because the employee did not know he or she was doing anything wrong.
Even the best companies have fallen victim to social engineering attempts in which an attacker exploits an employee by sending an email that appears to come from a trustworthy source or is relevant to that person’s role in the organization.
Fake email addresses, generic greetings, bad links and creating a sense of urgency or panic are among the tell-tale signs of email phishing.
Marceau stresses the importance of educating your employees, and continuing to educate them, as a means to reduce the risk of falling victim to a phishing attempt. Give employees examples of what to look for and what not to click on.
Discourage use of public Wi-Fi connections. Many employees may think they are joining a safe network because of its name, but the network could easily be run by the person sitting next to them in a public place, who is waiting for them to join so that he or she can gain access to their information.
With employees working from anywhere, it is important for you to share this information and make sure they lock their devices when not in use.
Marceau also suggests having all of your employees make sure they use strong passwords that include a combination of letters, numbers and special characters. Also encourage employees to use a different password for each account. Marceau says enabling multi-factor authentication when available adds another layer of protection for access to your online accounts and, perhaps more importantly, helps keep cyber criminals out.
Additionally, cybersecurity assessments should ensure computer software on all internet-connected devices is being updated regularly so that system vulnerabilities are fixed with patches. Have your employees check for updates on all devices and set up updates to be deployed automatically when possible.
Marceau says removing saved information and browsing histories in web browsers are other ways to keep your information secure. Discourage employees from having passwords saved to their browsers.
Marceau says you should review your employees’ inventory of devices and visit with them about what they use in the office or remotely. This is the best time to review your file backup procedures and visit with employees about where they are saving and accessing information.
Syndeo follows the Better Business Bureau’s 3-2-1 rule for backups: Three backup copies, two different media types and one offline and in a separate location. Unused devices should be returned and disposed of securely.
Data breach response
Do you have an emergency response plan in the event of a data breach?
Marceau says this type of plan is a key component of cybersecurity assessments and helps your team understand how to respond and what steps to take if a breach occurs. If you do have a plan, document any changes you make to your cybersecurity protocols and share these with employees. Ask them questions and schedule trainings multiple times a year.
Be vigilant and plan ahead. After all, you don’t want to wait until your information has been compromised to try to put a plan in place.
Website and network review
Assessing your website is another component of cyber hygiene. Review your website and remove anything that is no longer needed. Verify links are up to date and contact information is accurate.
Consider removing individual employee names, job titles and email addresses to cut down on phishing attempts. Remove any plug-ins and software that are no longer needed and make sure the ones that remain are updated.
Cybersecurity assessments should review your applications and the access available, including the users set up with access. Did you recently have any employment changes that resulted in changes to access? If you do not already have a process in place for when changes happen, you should create one.
It is also a good idea to limit those who have administrative privileges.
Cybersecurity assessments should also review your email spam filters, with the aim of blocking the initial phishing emails and network connections known to have malicious content. Marceau recommends that you know what your employees are connected to and what is running on your network. Implement key security settings to protect your systems and set up a monitoring service to alert you when possible threats arise.
Make reviewing your cyber hygiene and conducting cyber assessments routine practice and continue to communicate with your employees.
Just as maintenance is necessary for computers and software to run at peak performance, so is educating your employees to do the same.
~Josh Heck, Marketing Manager, Syndeo
~Contributing: Jenna Marceau, Chief Information Officer, Syndeo