It is not a fad anymore. This is not a drill. At this stage, businesses should be including cyber security as a key component of their strategic planning.
As we know, data is the new oil. Although cyber risk has been a factor since the inception of the Internet, the Canadian Centre for Cyber Security (Cyber Centre) assesses that the COVID-19 pandemic presents an elevated level of risk to the cyber security of Canadian health organizations involved in the national response to the pandemic.
The Cyber Centre therefore recommends that these organizations remain vigilant and take the time to make sure that they are engaged in cyber defense best practices, including increased monitoring of network logs, reminding employees to practice phishing awareness and ensuring that servers and important critical systems are patched for all known security vulnerabilities.
The Baseline Cyber Security Controls for Small and Medium Organizations lists a collection of lower-cost and lower-burden security controls that you can implement to thwart cyber threat actors, reduce exposure to cyber threats, and get the most out of your cyber security investments.
While the Canadian health sector faces an increased risk, these are best practices that all organizations should apply to stay ahead of cyber threats.
“The pandemic has been a game changer in terms of cyber security. Networks were designed for an occasional remote employee or remote work setup. The architecture was based on majority of the team being in the office, that is no longer the case for most businesses”, says R J Sahi, Sr. VP for Strategic Partnerships at CyberWolfe Cybersecurity Inc. Broadband and information technology are powerful tools utilized by small and medium sized businesses to reach new markets and increasing productivity and efficiency. However, businesses need a cybersecurity strategy to protect their IT infrastructure, their customers, and their data, from growing cybersecurity threats. Some simple and low-cost cyber security strategies for small and medium sized businesses include:
1. Train you employees
Most cyber security breaches are caused by human error. Training your employees to recognize and thwart a potential attack including recognizing and deleting phishing e-mails and other potential risks is a critical component to your cyber security strategy. Establish and enforce security practices and policies for employees, such as requiring strong passwords and increasing the length of passwords to a minimum of 10 characters, a mixture of upper and lower case, a mixture of letters and numbers and at least one special character.
2. Protect information, and your network
Keep your OS up to date. Ensure the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.
3. Check your firewall rules annually
A firewall is a combination of hardware and software that prevent outsiders from accessing data on a private network. Make sure your network and operating system’s firewall is enabled and checked by a professional at least one a year.
4. Check your mobile device action plan
Mobile devices will create significant security and management challenges for you and your team. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks.
5. Backup your data on a regular basis
Regularly backup the data on all your computing devices in the business. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable as well as accounts payable files. Backup data in the cloud if possible.
6. Identity and limit physical access to your computers for each employee
Eliminate access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
7. Secure your Wi-Fi networks
If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router, so it does not broadcast the network name, known as the Service Set Identifier (SSID). Ensure you password protect access to the router.
8. Employ best practices on payment cards
Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
9. Limit employee access to data and information, and limit authority to install software
Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs and should not be able to install any software without permission.
10. Passwords and authentication
Require employees to use unique passwords and alter passwords every three months. Consider implementing multi-factor authentication that needs additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.
As the frequency and severity of cyber security threats increase, small to medium sized businesses need to include these simple but effective practices to protect their data and help thwart a potential attack. “Time is of the essence. It is not a matter of ‘if’ anymore, it’s a matter of ‘when’. Consider cyber threats to be the biggest risk to your business if you are online today”, says Gerard Racine, VP of Threat Intelligence at CyberWolfe Cybersecurity Inc..
Cover-All Managed Cloud and IT Services and CyberWolfe Cybersecurity Inc.bring together the cyber security skills, knowledge, and experience of CyberWolfe and Cover-All’s Managed Services Provider best practices for managing and hosting a physical Cyber Security Operations Centre. For more information on our Cyber Security Services please call 1-833-268-3788 or visit our website at: www.msp.cover-all.ca/cyber-security-services/.