Essential Cyber Security - Best Practices for Financial Institutions (Part 2 of 2)
March 01, 2018
This is part two of a two-part series on cyber security.
Banks and other businesses that hold people’s most sensitive personal information are and will always be prime targets for cyber thieves. A proactive approach is the best way to ensure your customers’ data remains secure. Of course, that’s easier said than done. A proactive approach is truly a team effort that involves virtually everyone in your organization.
While it may seem like just an IT issue, the actions of your everyday staff are also critical keys to a robust cyber security program. Here are some best practices related to your staff and their computers that can help thwart any would-be attackers.
- Lock It Up
You step away from your computer to grab another cup of coffee. Did you lock your computer? While this best practice seems trivial, one would be surprised at how often it is not done in the office. Our computers house sensitive information and business processes, and when a workstation is left unlocked, there is a possibility an attacker could have unrestricted access to the system. To avoid possible information leaks or embarrassing photos being spread, simply remember to lock your computer before leaving your desk. Quick tip: Press the Windows Key + L to quickly lock your screen.
- Protect Your Machine
Patching your operating systems and applications is another important security practice. Although patches are often released on a regular basis from Microsoft and Adobe, there are times when patches are sent out “off schedule” to defend against zero-day threats. Keep in mind that as time passes, new threats will be found, so system patching will be a constant security measure.
- Be Aware
Social engineering is a non-technical approach hackers use to get sensitive information. Social engineering techniques include phishing emails, fake phone calls, and physical impersonation. Employees must be trained to be helpful but stern when it comes to giving out information, and to identify a potential social engineering attack.
Having all employees well-trained in the basics of network, system and information security is a huge step in today’s cyber world and one of the best investments that can be made. If you have a basic understanding of security or know how to identify a potential incident, you are less likely to fall victim to an attack. At the office, each employee should be kept up-to-date on information security policies and their role in protecting sensitive information. They should know the expectations when it comes to the limitation of personal use on company-provided equipment and should sign a statement acknowledging they understand the policies and penalties that result if guidelines are not followed.
Disasters that could cause data loss don’t usually give much of a warning, so consider this your friendly warning. Businesses are often not prepared for fires, floods, power failures, employee errors or even malicious programs. In each of these instances it is entirely possible for businesses to lose some, if not all, data and information stored on the computer systems. The best way to ensure all data and information is safe is to automatically back up all critical data on a daily basis. Data backups should be stored in a secure, off-site location.
Please contact your Eide Bailly Professional. Read all Insights from the Winter 2018 Possibilities here.