Initial.IT Talks Cybersecurity With ASPE

Cybersecurity is an important consideration in every professional industry today – that’s why Initial.IT recently presented on the topic for the ASPE.

No matter what industry you work in, if you use technology in any way, cybersecurity needs to be a priority. Cybercrime is simply too wide-spread and common in the business world for you to assume it won’t affect you.

Is it possible for you to be too small to be a target for cybercriminals? The news may lead you to believe so, but it’s simply not an accurate representation of the cybercrime scene.

The truth? In almost half of all the cyber breaches that have occurred in recent years, a small business was the target. As reported in Verizon’s Data Breach Report and Forbes…

• 58% of all breaches in 2018 involved small businesses.
• 43% of all breaches involved small businesses in 2019.
• Ransomware attacks are still going strong, accounting for 24% of the malware incidents analyzed and is the #2 most-used malware type.

Unfortunately, many businesses in a range of industries still overlook the importance of cybersecurity. Longstanding, traditionally analog trades often fall behind others when it comes to adopting new technologies and modern practices.

That’s why the Initial.IT team is committed to spreading awareness in our business community through a range of industries, as we did recently with our cybersecurity presentation for the American Society of Plumbing Engineers (ASPE).

The presentation shared a number of statistics to illuminate the current state of cybercrime, and covered the cybersecurity basics that every business should know:

• Be Smart With Your Passwords: This is a basic part of safe computing. Have you considered how strong your passwords are?

• Length and Complexity: Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
• Numbers, Case, and Symbols: Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
• Pattern and Sequences: Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
• Have Your Patches And Updates Managed: Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software? Much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.  To address this, developers regularly release software patches and updates to fix those flaws and protect users. This is why keeping your applications and systems up to date is a key part of safe computing.
• Back-Up Your Data: Do you have a data backup policy in place? If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that. That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.

Be sure to:

1. 1. Back up data on a regular basis (at least daily).
   2. Inspect your backups to verify that they maintain their integrity.
   3. Secure your backups and keep them independent from the networks and computers they are backing up.

• Strategize Cybersecurity: It’s essential that you determine exactly what data or security breach regulations could affect you. You need to know how to respond to data loss. All employees and contractors should be educated on how to report any loss or theft of data, and who to report to. Data loss can expose you to costly state and federal regulations and litigation. You must be able to launch a rapid and coordinated response to a data breach to protect your reputation.  Your plan should include input from all departments that could be affected by a cybersecurity incident. This is a critical component of emergency preparedness and resilience. It should also include instructions for reacting to destructive malware. Additionally, departments should be prepared to isolate their networks to protect them if necessary.
• Make Your Staff A Cybersecurity Asset: Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and thus present a serious threat to your security. So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls, and keep your data secure? Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites. They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts, and where they can turn for help, this alone is worth the investment.
• Roll Out A Security Policy: Every organization should set a security policy, review it regularly for gaps, publish it, and make sure employees follow it. It should include such things as:

1. 1. Not opening attachments or clicking on links from an unknown source.
   2. Not using USB drives on office computers.
   3. A Password Management Policy (no reusing passwords, no Post-it Notes on screens as password reminders, etc.).
   4. Required security training for all employees.
   5. A review of policies on Wi-Fi access. Include contractors and partners as part of this if they need wireless access when onsite.

• Don’t Forget About Mobile Devices: This type of comprehensive policy dictates how your employees can use their personal devices for work purposes, dictating which security apps should be installed, and what best practices need to be followed. An effective MDM policy should also instill safe and secure practices for employees that use personal devices for business purposes.
• Test And Assess Your Cybersecurity: Determine how your data is handled and protected. Also, define who has access to your data and under what circumstances. Create a list of the employees, volunteers, donors, or contractors who have access to specific data, under what circumstances, and how those access privileges will be managed and tracked. You must know precisely what data you have, where it’s kept, and who has the rights to access it.

If you’re having trouble managing cybersecurity, then reach out to Initial.IT for help. We’re here to provide knowledge and guidance for businesses trying to stay secure.

Like this article? Check out the following blogs to learn more:

Cleaning Up From The COVID-19 Chaos

How to Transition to a Remote Team

How to Stay Safe Against the Cybersecurity Repercussions of COVID-19