Q: Besides having employees use passwords, what are other ways to keep your company safe?
A: A great question about digital security for entrepreneurs is: Where do I start? For most early-stage or startup companies, it’s everything you can do just to have your vision play out with minimal distractions. That said, the last thing you want is to have your business sullied by being a victim of an attack.
Over the past year we’ve seen a dramatic increase in ransomware, a type of malware that freezes certain files on computers and smartphones, then requires a ransom to unlock the files, targeting small companies. Being a victim of ransomware can have a crippling effect on your business and your fledgling reputation.
Beyond requiring complex passwords and that they be changed, at a minimum, once every quarter, the top four digital security measures that should be part of your company include the following:
1. Install anti-virus on every PC and smartphone and keep it current.
This may seem obvious, but I’m surprised at how often I hear about companies that do not have active anti-virus software installed. Most anti-virus software includes a firewall capability which should be turned on as well. Having both active is the first line of defense against bad actors targeting your business.
2. Teach employees how to determine if an email is part of a phishing or spear phishing campaign.
Phishing or spear phishing is when scammers use email to elicit sensitive information to be used for malicious activities. This year we have seen several instances in which employees received an email from a scammer posing as their CEO requesting the employee’s user name and password. It was surprising how many employees sent that information. Last year at Intel we launched a phishing quiz. More than 40,000 people took the quiz and 97 percent got at least one wrong.
3. Have all employees install and use a web reputation tool when browsing.
Implanting malicious software into a website to infect devices that visit the website is a popular technique used by cybercriminals. We refer to this type of attack as a “drive-by download.” There are several free tools available to everyone that will alert them if they are about to go to a website that is known to contain malicious code.
4. Implement a comprehensive backup program.
This, much like installing AV on every device, should be apparent, but again I’m surprised by how often companies lose everything when they are the victim of a cyberattack because they don’t have their critical data backed up. You have two choices here. You can use a cloud-based storage option or you can use on-premises storage. My preference is to use a physical hard drive that I keep under lock and key when not actively backing up my systems. I also back up everything at least weekly. There are several options for both cloud and on-premises backup systems that have very flexible scheduling capabilities. Choose which works best for your business and be disciplined about ensuring everyone adheres to your backup policy.
I envision a day when being able to demonstrate your security posture will be table stakes for businesses or consumers who choose to use your product or service. You will be much further ahead by taking these simple steps today than by having your security posture evolve as your business grows.