October is cybersecurity awareness month. Are you aware?
Most people ignore basic and well-known computer and internet security practices. They don’t do regular backups. Most people don’t use password managers, multi-factor authentication, or different passwords for different accounts. They open links in phishing emails. When the inevitable disaster occurs, they are pretty severely affected. But the damage is limited to them.
Your small agency is similar to an individual in this regard. Implementing security gets put off or ignored because it’s too expensive, too much trouble, too disruptive or doesn’t produce immediate results. But think about the trouble, disruption and results of a security event. Here are 10 things you can do to handle your agency’s cybersecurity like a pro, without having to sell a kidney on the dark web to pay for it.
1. Get an anti-virus program right now!
If you are an independent broker or small agency (3-4 total personnel) you can get free software that will protect you from most threats. All free antivirus programs have a premium version that is probably less expensive than the one that came with a free trial on your computer when it was new. Make sure every single computer you use or connect with has antivirus software and antispyware. KEEP IT UPDATED! If you are a hands-off kind of person, set it up for automatic updates.
2. Network Security
If you share printing or internet with more than one computer in your office, you have a network. Protect your network with a firewall and encryption. Secure and hide your Wi-Fi network. YouTube can show you how to set up your wireless access point or router so it won’t broadcast the network name, or Service Set Identifier (SSID). Change the default password on the router. Change it again. Don’t give it to your brother-in-law or the office next door.
3. Have some rules
Create policies on how employees should handle and protect client information and other sensitive data. Put some teeth into the policy! There are tons of templates out on the web for free. Adopt one and make sure everyone knows the policy. Check periodically to see if people are complying. Employees respect what you inspect. Oh, the rules are for you, too!
4. Talk to your people often about threats
Employees need to know about online threats and how to protect your business’s data. New threats are frequent, but are well reported on computing websites. Talk to them about what they post on social media. It’s a great tool for marketing, but it can also be a great place to skim information about your business practices, clientele, and other information you would prefer to keep confidential. Keep them off the F-Beezy or show them how to post online in a way that doesn’t give away any trade secrets to the public or the competition. See rule 3!
5. Don’t use PASSWORD as your password
The current gold standard for protection is called multifactor authentication. This requires additional information beyond a password to access data. If this is beyond your IT needs, at least use strong passwords. You would not believe how many systems I have worked on for friends and family that I was able to hack within three tries. Use numbers, letters, and special characters. Or use a complete sentence with punctuation and spaces (if you like typing… a lot…)
6. Be careful with online payments
Reputable banks and online vendors will have a secured, encrypted website (look for the lock in the address bar). Pay attention to things like certificates that validate the site. Make sure any vendor you use has industry standard security and anti-fraud tools. Your system may have to be tested to allow for financial transfers by the companies you work with. Don’t use the same computer for payments that you use to play Candy Crush.
7. Back up your information
The first thing the IT person is going to ask when they respond to the disaster at your office is… “Do you have a back-up?” I can count on the fingers of one hand the number of “yes” answers I have gotten in 20+ years of messing with computers. Your documents, spreadsheets, databases, financial files, human resources files, and accounting files probably all live on the same drive. That drive is going to fail tomorrow. Seriously. Set backups to happen automatically, at LEAST once per week, and store the copies offsite or in the cloud. Definition of the cloud: Other people’s computers. There are cheap and free programs that will do backups, and a removable drive is not all that expensive.
8. Control physical access to computers and network components
If you have a lot of traffic in your office, enforce password-protected access and locking screensavers. Don’t leave tablets or laptops out where they can easily be taken. Don’t let Sally work on Suzie’s computer when she’s out on maternity leave. Make sure everyone has their own profile, even if you have to put multiple profiles on the same machine. Only trusted IT staff and key personnel should have administrative privileges. Important safety tip: “Dave” from Microsoft who just called about a virus on your computer is NOT a trusted IT staff member.
9. Create a mobile device action plan
If you travel a lot and use mobile devices for work, treat them just like the computers at the office! Password protect all devices, even phones. Use data encryption, and install security apps to prevent theft of information while your device is on public networks. Create a policy and checklist for what to do about lost or stolen equipment. There are free apps that will ‘brick’ a device remotely, rendering it useless. Just the threat of using this app makes most employees a little more responsible in keeping track of equipment.
10. Protect all your public-facing websites.
Last year, Google and other browser makers started a security-shaming campaign that has culminated in the need for all your web pages to be secure. This is actually not a bad thing, because older pages could be hijacked and used for nefarious purposes. That’s what I read in a book…
These tips can help protect you even if you don’t have a regular IT guy, or have no IT guy but you. See the intro for the effectiveness of these or any IT tips. Good luck! It’s scary out there!