The cybersecurity landscape has changed drastically in the past few years. More businesses are moving to hybrid and complex IT environments that include cloud deployments. Employees are working from home more than ever before, and given the 2020 situation, physical events are likely to be limited for the next year. In other words, it is a good time to review and reconsider cybersecurity policies. While risks may have evolved, the basic security steps remain the same. Reports, including one by SIA and Wall Street Journal, indicate that many businesses have suffered cyberattacks related to employees, customers, vendors, and partners.
In this post, we are discussing basic cybersecurity that matters for every business, beyond the obvious.
1. Hire ethical hackers
Big companies are already running bug bounty programs, and this is a good time to engage the services of ethical hackers. As the name indicates, ethical hackers do ‘ethical hacking’, which means they try to hack into devices, networks, and systems, with permission. If they manage to find security vulnerabilities, bugs and issues, they get paid. There are many guides on how to run a bug bounty program, and this doesn’t have to be expensive.
2. Define WFH policies
There are a few things that must govern how employees work from home. If they are using their own devices, they have to use a secured connection. Many people don’t change their default Wi-Fi passwords, which often leads to cyberattacks. Ensure that employees use complex passwords for everything, and get them a password manager that’s reliable. Recommend the use of a VPN, and encourage them to report security issues they face.
3. Get expertise from outside
If your company is unsure of how to manage cybersecurity in 2020, or how to deal with the new changes, it is time to get experts on board. There are many services that offer cybersecurity consulting, and they can help with basic things like enhancing security at all levels, getting employees trained, and planning an incident response framework. These companies can also guide you on how to remain compliant, especially with data protection and privacy laws.
Finally, ensure that your company has a clear cybersecurity plan in place. Everyone should know what their roles are, and there should be clear dos and don’ts for employees. If an incident happens, you would want to be as safe as possible and avoid consequences such as heavy fines and penalties, which are often enforced by agencies.