7 non-obvious practical recommendations to improve your cybersecurity

Posted by CyberWise on October 07, 2020

October, the month of cybersecurity awareness, is here. Now is the best time to take a look at your company's cybersecurity situation and make improvements.
We hope that you are already familiar with the basic rules of cyber hygiene, such as secure passwords, network management, database protection, and access verification (if not, send us an email at info@cyberwise.space to book a consultation and we will teach you).

Here we offer you 7 non-obvious cybersecurity recommendations:

1. Make changes on Saturday.

The main reason for making changes on the weekend is that you don't want to interrupt your usual work routine. It is inconvenient for clients if your service or product is unavailable because your website is down or the database cannot be reached. Making changes may sometimes lead to unexpected issues, and you will need time to fix them. The day itself is flexible: if you expect more clients on weekends or holidays, schedule maintenance work for another day. In addition, don't leave your system unattended right after you implement changes. Again, some issues may occur, and you will need time to handle them.

2. No false expectations

Don't have false expectations about employees' knowledge of cybersecurity. It's very common, especially for technical people, to think that others have a decent understanding of cybersecurity "by default". Usually, that's not the case. Even if it is obvious to you that leaving the default password is a bad idea, other people may not even think about it and will simply leave it as it is. People need to be trained in privacy and security. Define what the current level of knowledge is and where the gaps are. Only an understanding of the current situation will help you choose what security training is needed.

3. Define appropriate measures for your field.

Your cybersecurity will differ depending on whether you build a health care application or sell farmers' apples. It's important to keep in mind that working with sensitive data such as medical records requires additional security measures.

4. Don't overdo it.

This point is strongly connected with the previous one. In cybersecurity there is no such thing as one size fits all. Is it possible to have too much cybersecurity? Yes, and the idea is to find the proper technical measures. If you demand that employees have strong and unique 15-symbol passwords with lower- and uppercase letters, numbers, and special characters, and require them to be changed every week, that may sound like good security, but in reality, considering the human factor, it is close to impossible. It can lead to a situation where a person writes the password on a sticky note and places it under the keyboard, and instead of high security you get zero security.

5. Have a backup plan.

Cybersecurity experts recommend having a backup to recover your system. However, you also need to have a plan for how to do it. Think about what you will do if something happens. How much time and money will you spend to recover the database if it is erased by a hacker? How long will it take to get back in business if your website is down? There is a big difference between theoretical and practical knowledge. It's very important to understand what to do and to have a specific step-by-step plan for handling incidents. We recommend starting by identifying the most crucial part of your system and where the highest risk is present.

6. Don’t underestimate existing risks

Unfortunately, it is common for companies, especially startups, to think that cybersecurity is not their concern. We have an article about why startups should care about security as well.

7. Get an external opinion.

Look at your system as an attacker would: how would you try to get inside? You may know your product very well, but an external audit is always a good idea. Let professionals take a look at your environment. For instance, penetration testing will help you identify the weak points and address them.

