Multi-Factor Authentication

This simple, yet strong security feature is also known as MFA or 2FA (two-factor authentication). Some apps, like your bank, require MFA to be setup when you first login. However, many other applications allow you to choose whether or not MFA is enabled or enforced. We recommend requiring every employee to use MFA for every application. Where possible, set the app to enforce MFA – so you know every employee is using it.

If you want to learn more about MFA and how it keeps your business safe, read our full break-down here.

Install security updates regularly

In today’s world of online services, fast-paced software development, and AI threats – it’s more important than ever to keep your software and devices up-to-date. Most of the updates we receive are security updates, fixing vulnerabilities that have been discovered. Make sure automatic updates are enabled where possible. For devices that require manual updating, create a list of the devices and check for updates at least monthly. The last thing you want is to suffer a hack that could have been avoided by a simple update!

Backup your data and test the backups regularly

Make sure you have a comprehensive backup strategy in place to keep critical data safe. It’s best to keep two backups of your data at all times – one that is stored locally in your office, and one that is stored off-site. The off-site backup should be located far away from your physical backup. Cloud services are a great way to have a secure off-site backup.

Configure your backup to alert you when a problem occurs. Additionally, we recommend manually checking on your backup at least monthly to make sure things are working as intended. Alerts are great – but sometimes they don’t work quite right. Double checking only costs a little bit of time, but can save you greatly.

Train your employees

Train your employees how to spot phishing emails and other cyber threats. It’s also important to train them what to do when they spot a threat. Your employees can be your greatest risk or your greatest defense – so why not make it the latter? Training every employee on a regular basis will keep their senses sharp and help fortify your cybersecurity throughout the business. Require new hires to complete a formal training program right away. Meanwhile, make sure all other employees complete training at least annually.

Create a Written Incident Response Plan

Those who fail to plan, plan to fail. This couldn’t be truer when it comes to your cybersecurity! Right now, before a disaster strikes, is the best time to create a plan. Your incident response plan should include a few key pieces.

First, specify the person or team responsible for executing the plan. Next, write down any support staff included in carrying out the plan. Make sure to include a way to contact these team members, even if company phones are down. Finally, write out the steps you will take when a disaster strikes. Here are a few examples.

1. Investigate the reported event to determine whether or not it is a security incident
2. Determine the scope of the incident and notify affected parties
3. Perform recovery steps
4. Debrief to discuss the incident and adjust the incident response plan as needed

By following these 5 simple steps, you will greatly increase the cybersecurity in your business.

We help our clients with these steps and many more, starting with our Sentry Inspect cybersecurity & I.T. assessment. Don’t wait until it’s too late – schedule a compatibility consult with our team today learn how we can help.