Houston expert: 5 tips for improving your company's cybersecurity
guest column
Imagine waking up tomorrow to find out that all of your critical information (trade secrets, financial data, customer lists, etc.) is gone. While working to find out what happened, you order lunch online, only to find out your bank account has no balance.
That scenario happens every day to business leaders just like you. Here are 5 tips everyone should know, which will help reduce cyber security risks.
Tip 1: Know what you need to protect
If you don’t know where your data is kept, how can you protect it?
From hardware like laptops and cell phones, to critical software including accounting and HR, spreadsheets used to calculate financial reports, OneDrive accounts, Google Drive, and “C” drives, there are numerous places your critical data could be kept. Work with your managers to identify every piece of hardware, software, and where the critical data is kept.
Tip 2: Turn on multi-factor authentication for everything you possibly can.
Whenever possible, someone should need a username, password, and a code from an authentication app, text code, e-mailed code, something that’s a unique identifier that randomly changes in order to access critical company information. Alternatively, you can rely on biometrics (fingerprints, facial recognition, etc.) as your third line of protection.
Tip 3: Know who has access to the data and implement basic user access rules.
Everyone should have their own username and unique password. Generic admin accounts, shared user accounts, etc. should never be allowed. If you’re only paying for five licenses but have 10 people accessing the software, stop being cheap and pay for more licenses.
Log in to your bank’s website (or go to a local branch) and run a report which lists who has access to the online banking system and what they can do within it. While you’re at it, get a report of everyone with signature rights for checks and make sure it’s properly updated.
Run a report of all users for each software you listed above which includes what level of access they have. Does their access match their job requirements? Remove all access that isn’t required for their job. You can add access back later if they need it. This can also help you identify employees who might have too many responsibilities.
Now go through the rest of the software, network folders, and the other items you listed above and do the same exercise. Going forward, whoever “owns” the data in each system (banking, accounting, HR, etc.) should approve all access to that data.
Tip 4: Back up that data — often
You most likely have a folder on your computer that has important information in it like Financial spreadsheets, HR files, customer data, and marketing plans. If you selected that folder and hit the delete key, then you opened the recycle bin on your desktop and the folder wasn’t there, how bad would your day be?
Now that you know the location of files, folders, software, and other important data points, turn on an auto-backup process and test that process about once a quarter. If you use something like Google Drive, Microsoft’s OneDrive, or similar cloud services, most will provide free backup support. However, before you do that, require all employees to move important files off of their “C” drive and into network folders.
Tip 5: Implement antivirus software
I’ll be the first to say that I hate antivirus software. Why? Because it typically slows down your computer while it runs in the background and flags items like the spreadsheet you use every month as a “potential threat”.
Even so, the aggravation is worth it in the long run.
There are tons of antivirus software options. If you think about protecting your home, you don’t need armed guards, attack dogs, and a feral cat. You do need someone to glance out the window to see who is at the door. If it’s a group of zombies trying to eat you, then you need to have the ability and resources to protect your home. Pick an antivirus software that matches your budget and get it in place. Don’t overthink it, just get it going.
One last bonus tip I’ll leave you with — have random test “phishing” emails sent out to everyone (including yourself) in your company. The number one cause of cyber security issues in businesses is internal users clicking on fake emails.
------
Thomas Mullinnix is the founder of Houston-based Re-Vision Management Consulting LLC.
- Houston cybersecurity startup nabs Chevron partnership ›
- Texas A&M receives $10M to create cybersecurity research program ›
- Houston expert: Top three ways to make cybersecurity a business decision ›
- Edwin Bailey of Skanska on digital twin tech - InnovationMap ›
- Skanska expert: Addressing skilled labor needs in Houston — including the role technology plays - InnovationMap ›