We’ve all had those new year’s resolutions, we start strong for the first couple of weeks. Then quickly reminded by how busy being in business is and our priorities shift. Our good intentions slowly get forgotten about and never picked back up.
If you’re here, it’s because you want to do the most crucial thing you can for your business. Make sure your cyber security is up to snuff.
Whether you’re starting from scratch or want a fresh perspective, we’ve listed key goals you must work towards so that your cyber security resolutions will not die in spirit. Here is everything you need to get the ball rolling with your cyber security today.
Let’s be clear, this might be daunting, but let me remind you this isn’t a solo effort, cyber security is a collaborative process. Work with your IT provider, HR, and the entire team to discuss, brainstorm, and implement these tactics. Rome wasn’t built in a day and neither will your cyber security. Take your time and get each step right from the start.
Here are 5 cyber security resolutions to prepare your business for online threats in 2023.
Perfect Your Password Policy
I get it, passwords, how boring. Listen though, I’m going to tell you something you probably haven’t heard before.
You’ve always been told for staff to change their passwords frequently, let’s scrap that. It’s obvious to both of us that getting staff to constantly change their passwords is nearly impossible, time-consuming, and annoying. Requiring frequent password changes only leads to users making small adjustments to their already simple, previous password, resulting in weaker security.
Users should have strong and unique passwords for each account. To help achieve this, only enforce password changes when there is suspicion that passwords may be compromised. Now, staff can focus on creating a stronger password, knowing it won’t need to be changed anytime soon.
A simple way to implement this? Promote the use of unique passwords by using a password manager, it will do all the hard work for you. They can create and store an unlimited amount of passwords for all staff, it’s a tool that will save your team loads of time.
If you’re a micro business there are lots of free password managers. If you have 10+ staff, you’ll need to pay for a business-based password manager. Our top business password manager recommendations are Keeper, Password Boss and LastPass. At Pronet we use Keeper for ourselves and all clients. Its extensive sweep of security features makes it one of the best options for cyber security.
Top it off with the security measure in our next resolution.
Enforce Multi-Factor Authentication (MFA)
Do you know how you get a text asking to enter a 6-digit code after your login details? Yeah, that’s a form of MFA and it’s extremely important now.
So important that enabling MFA reduces the chance of your account being hacked by 99.9%. Hackers will not be able to access your account unless they are physically able to get your MFA-enabled device. Let’s be honest that won’t happen because I don’t think they’re leaving their bedroom anytime soon.
Making sure all your staff and all their accounts are set up with MFA is a MUST this year. It may not be something you can directly implement yourself, so make sure your IT team put it as a top priority. It’s on you to make it happen!
And a little bonus. Some of the current password manager apps allow you to use MFA within them. The same application can be used to enable strong passwords and implement MFA. Talk about cost-effectiveness.
Remove Old Users from Your Systems
One big cybersecurity resolution for the new year is to clean up all those old user accounts.
If your company has active accounts from old employees, it dramatically increases the potential vulnerabilities in your organisation. An attacker only needs to find one set of login details to gain access to your systems.
Let’s not waste any time with this one, start removing unnecessary accounts to reduce the risk of hackers infiltrating your network. That’s not all. If you want to stop this issue from coming back up there’s one more thing to do.
It’s even more important to change your policies to ensure the principle of least privilege is followed. What this means is that users should only have access to the resources they need to do their job. When that access is no longer needed it should be revoked.
This becomes especially important when employees change roles, leave the company, or are terminated. They may attempt to abuse their access and cause harm to your organisation through actions such as stealing or destroying data, planting malware, or other malicious actions.
Let’s get rid of those old accounts and get new policies in place to prevent the issue going forward.
Conduct A Risk Assessment
I do not doubt your business has experienced some kind of change over the year. Whether that means changes to your systems, structural arrangements, technology or more, your business is in a state of flux.
Due to that, a yearly risk assessment is so important. It gives your company a chance to take note of all of these changes and analyse the threats to your security.
Once your organisation has an updated view of the challenges it faces, it can plan successfully for the future. This may include adjusting security plans and policies to stay safe in the coming year.
Without conducting a risk assessment based on all the changes, it could cause you to focus in the completely wrong areas. Not only wasting time and resources but also leaving your business vulnerable in to threats.
Get that new year risk assessment done ASAP.
Quarterly Employee Training
This might seem daunting, but one, it’s the most important, and two, it’s not as hard as it seems.88% of data breaches are caused by employee mistakes. Human error is still the driving force for cyber security issues, you’re asking for problems by ignoring staff training.
When it comes to training staff, there are already so many resources online where the work is practically done for you! Videos, articles, and interactive quizzes are readily available and can be accessed at staff members’ own pace. All you need to do is point them in the right direction.
Be sure to make it relevant. Relate training materials to your staff’s job responsibilities and the types of threats your organisation is most likely to face. Of course, you’ll know exactly what kind of threats your business will face from that risk assessment. This will help ensure that the training sticks and that staff are more likely to use the skills they learn on the job.
Training provides a good opportunity to remind your staff of policies, but they also allow you to update them on the latest threats. Your employees are often the first line of defence in a cyberattack, so don’t underestimate their role when it comes to protecting your company.
Conclusion:
There you have it, our 5 cyber security New Year’s resolutions. 5 things that we believe are a must to implement to have the best chance of being protected this year. With cyber crimes predicted to soar in 2023, you don’t want to take any chances, especially with your business.
Remember what I said initially: cyber security is a collaborative effort. Work with others in your organisation to ensure this gets done, otherwise I can guarantee you will fall short. Tackle one at a time and get them right from the start. Good luck and I wish you a successful year ahead!
