The flowers are blooming, the sun is shining, the birds are out — and so are the hackers. Spring may be the season for cleaning baseboards and closets, but it’s also an ideal time for companies and consumers to do some cybersecurity spring cleaning. Your data, your devices and your company will be safer for it.
Everyone Is Vulnerable
For most hackers, the primary motivation for their crimes is financial — obtaining sensitive data for the purposes of credit-card and identity theft. And while big companies have more data to steal, smaller ones are easier to breach since their networks are often less secure.
And if you think your business is too small to hack, think again. More than 70% of all cyberattacks happen at businesses with fewer than 100 employees. Even more alarming, 50% of small businesses have faced a security breach in the past year.
How can you keep yourself and your company safe? Follow these 13 cybersecurity spring-cleaning tips.
1. Fortify Your Firewall
For small and large businesses alike, firewalls provide a valuable barrier between your data and the cybercriminals who want to steal it. If you don’t already have one, create an external firewall and consider setting up an internal one for added protection. Any employees working from home should also be utilizing a firewall.
2. Document the Details
Businesses of every size should document their cybersecurity protocols. If you aren’t already doing this, it’s important to get a plan in place and use a checklist like the Federal Communications Commission’s cyberplanner.
Employees should be kept up to date on protocols, and they should sign documents stating that they’ve read the policies and understand the repercussions if they don’t follow them.
3. Mind Mobile Manners
While 59% of businesses allow employees to bring mobile devices to the office, companies should create policies around protecting these devices, along with other wireless gadgets like wearables and smart watches.
If your employees are bringing devices to the workplace, spring is an ideal time to mandate company password policies and automatic security updates for all devices.
4. Keep Punctual Passwords
One study found that 63% of all breaches were the result of lost, stolen or weak passwords. And while 65% of small businesses don’t enforce password rules, experts say employees should change them every 60 to 90 days. Usernames and simple passwords are not sufficient to fortify sensitive accounts like email, banking and social profiles.
That’s why it’s important to safeguard your accounts with the highest degree of authentication possible, whether it’s biometrics or two-factor authentication. To make your passwords more hack-proof, use more than eight characters and a range of numbers and symbols. Then, store your passwords in an encrypted password manager.
5. Encrypt, Encrypt, Encrypt
No device — no matter how sensitive — should ever be left unattended. That’s why it’s important to encrypt devices and protect them with complex passwords. If sensitive information is kept on a flash drive or an external hard drive, these devices should also be locked up.
6. Eliminate Human Error
It’s no secret that humans are the weakest point of any security plan. Even the most expensive and effective security tools can be undone by the actions of a user who clicks the wrong link or opens the wrong attachment.
That’s why spring is the perfect time to re-educate employees about ways to stay safe. Employees should be trained to avoid clicking on suspicious attachments or links via email, and they should always double-check website URLs to avoid harmful, fake domains. When banking or shopping, always use a personal device and a secure, encrypted connection. Never conduct sensitive business on public WiFi.
7. Safeguard Your Data
As the weather warms, keep your accounts cool by monitoring your banking, credit and corporate accounts for any suspicious activity. It’s also a good time to review your backup policies and procedures. Important information like financial files, HR documents, word docs and account files should be backed up and stored at an off-site location or on a secure cloud server.
If your data is backed up, you are less susceptible to ransomware attacks that demand cash in exchange for unlocking operational data. Store your data in multiple locations to guard against loss from fire and flood, and make sure your backups occur on a regular basis.
8. Stay Up to Date
In addition to regularly backing up your data, use spring-cleaning season to make sure that your operating systems and antivirus software are up to date on all internet-connected devices — smartphones, tablets and PCs. Then, reconfigure your devices so they will update automatically in the future. Review the privacy settings on your devices to make sure you’re comfortable with the level of information you’re sharing.
9. Beware of Malware
A third of all employees opened phishing emails in 2016, a 7% increase over 2015. As malware and phishing become increasingly common and ever more sophisticated, companies large and small need to fight back by installing antimalware software on every computer. Spring is also an ideal time for small businesses to educate employees about the dangers of phishing and which employees are most likely to be targeted.
10. Dump Digital Clutter
To limit the number of ways thieves can access your data, delete any unused apps on your internet-connected devices, especially PCs, smartphones, tablets, WiFi routers and smart TVs. Make sure the remaining apps and operating systems are updated automatically, since any unsecured connection can be an avenue for cyber theft.
You can also protect your email by unsubscribing from any listservs, newsletters and alerts you no longer need or want. Once you clean out your old email, files and downloads, empty your trash when you’re done.
11. Wipe Your Hardware
To prevent data from getting into the wrong hands, delete obsolete, sensitive information from laptops, thumb drives and external hard drives, the same way you would cull and curate paper files. If you want to donate any of your devices after your spring clean, use a program that overwrites sensitive data with random data.
Then, do a full factory reset to make sure no sensitive information still exists on devices you want to donate. And password-protect any devices you want to keep. This applies to all internet-connected devices, like phones, USBs, wearables, networking equipment, copiers, printers and more.
12. Browse Better
Spring is a great time to review your browser settings and remove old data like stored passwords and old autofill information. Then, amend the settings on your browser to ensure that it doesn’t store your passwords.
You should also consider removing financial and personal information from accounts you no longer use — especially websites that store credit card data.
13. Guard the Gates
It’s wise to back up your data and install security safeguards, but defensive security can also help you monitor the devices that come into your system. Malware is easily spread through flash drives, smartphones and external hard drives, so be sure to set policies about what kinds of devices can connect to your computers.
You’ll also want to monitor your social media accounts for suspicious activity, and actively manage your location services, Bluetooth, microphone and camera settings to make sure all apps and devices are acting appropriately.
Celebrate Cyber-Safety Season
Digital spring cleaning can go a long way in helping companies and individuals protect their most precious data. Following these simple steps now — and all year long — can help you defend against even the most ambitious hackers.
But most importantly, spring is a great time to upgrade your payment-processing tools. Bluefin ensures that cards are encrypted the moment they enter a payment system. To find out how our P2PE and tokenization services protect your organization from a data breach, contact a Bluefin representative today.