No business, whether it is still in start-up mode or has risen into the Fortune 500, can risk treating cybersecurity as a secondary issue. As companies of all shapes and sizes amass troves of sensitive customer data and also rely on computers and cloud computing to perform their day-to-day operations, each company must build cybersecurity considerations into its normal daily operations. The risks are all too clear, and we are hearing and reading about them on a near-daily basis. While each company’s needs may be unique to its specific business operations, the following are some straightforward suggestions that any company, no matter its size or stage, should consider:
- Cull through your vendors—Companies should consider limiting the number of vendors they use, especially vendors who have virtual access to a company’s IT networks or even physical access to office areas or business information. Each vendor is, itself, dealing with its own cybersecurity challenges, and thus every vendor you engage increases the pool of potential security vulnerabilities that put a company at risk.
- Limit external devices—Most people routinely rely on mobile devices, tablets, and laptops throughout the day, not just for work but for entertainment viewing and social interaction as well. Each of those devices is susceptible to the perils of the Internet, and not all devices are secured equally. A company that permits employees to log into the company’s network with their personal devices without appropriate oversight from the company’s IT department therefore risks the potential introduction of malware into its systems. Even though oversight by a company’s IT department is not foolproof, establishing a policy (and following it) will contribute to the effectiveness of a company’s overall security protocols.
- Backups and disaster recovery—Make sure that there are mechanisms in place to quickly restore data and promptly continue business operations in the event of a security event or data loss. Disaster recovery and business continuity plans cannot just be buzzwords given lip service by vendors and companies alike. Make sure that appropriate plans are in place, and test them periodically as well. A plan is just another dusty three-ring binder if it cannot produce results when needed, so take the time to make sure it serves its purpose.