Spring is here, which means it’s time for spring cleaning. This year, in addition to tidying up the office and sprucing up your operations, make sure you keep digital spring cleaning in mind. After all, a data breach can not only potentially harm your customers, but it can result in a severe loss of trust in your brand, one that your business may never recover from. That makes digital spring cleaning one of the most important preventive actions you can take.
Unfortunately, cybercrime is just as much a threat as ever. In September 2017, the Equifax breach revealed to hackers the personal information of 148 million Americans. Last year, the Meltdown and Spectre vulnerabilities could have allowed the exploitation of potentially every Intel processor made in the past decade — without leaving any evidence of the hack. Facebook, MyFitnessPal, and others have sustained breaches affecting tens of millions of users.
And cybercrime doesn’t just threaten corporate giants. The Better Business Bureau’s 2017 “State of Cybersecurity Among Small Businesses in North America” report estimated that cybercrime costs small businesses $80,000 per year on average.
Most businesses, large or small, have plenty of things they should clean up during a good cybersecurity spring cleaning. But often, it’s challenging to know where to begin and which actions will yield the most value. There are, however, some key steps you can take to reduce the chance that cybercrime will damage your business.
1. Polish your logins.
One way cybercriminals gain access to places they shouldn’t is through logins to various online accounts. Sometimes, it’s just a matter of employees using easily guessed passwords. Worse, gaining access to one account can often provide a hacker the username and password to other accounts, including ones relevant to your business. Therefore, it’s critical that you and your team members adopt best practices regarding all your online accounts.
As part of your digital spring cleaning efforts, start an awareness campaign at your company. Encourage all employees to delete unused accounts and “harden” the ones they do use by creating difficult-to-guess passwords through use of a password manager such as 1Password or LastPass. You should then go one step further and enable two-factor authentication, which will require a second code delivered to users’ mobile devices in addition to a password. This means that unless a hacker has an individual’s device in hand — hopefully an unlikely occurrence — he or she will be unable to hack the user’s account.
Finally, emphasize that hackers often get access through deceptive phishing emails that send seemingly legitimate login links for an actual service; then, show your team examples of what these phishing emails look like. By educating your team members on the telltale signs of a fake login, you can prevent them from giving away their login credentials.
2. Dust off your archives.
Not only can it be very useful to maintain and archive all company communication — from emails to texts to social media posts and responses — but it’s often a matter of regulatory compliance.
Protecting the personal information of those you employ and serve requires that these communications be locked down and safe from the prying eyes of hackers. Yet the “2017 Electronic Communications Compliance Survey Report” from Smarsh found that many companies are still struggling to achieve the proper oversight and protection of their communications.
If your company is finding digital archive compliance a challenge, consider seeking third-party help. For example, Anchor Pointe Wealth Management, a Missouri-based independent financial planner, used ZixArchive to automatically archive emails and other information according to specific retention policies and legal requirements. Your archived information could be vulnerable; change that situation when doing your digital spring cleaning this year.
3. Scrub your routers.
Most of us know to use malware removal and protection software on our computers and to apply the latest updates as they’re released. What we often overlook is that any web-connected device could be harboring malware. To be safe, assume all of yours are, and get to work rooting it out.
One of the first places to start is with your routers. Because they aren’t computers themselves, they tend to get ignored when considering security vulnerabilities, but routers are a prime way that hackers can get in to your systems, whether at work or at home. In 2017, for example, malware took control of 100,000 ZyXEL routers in Argentina.
To be safe, use newer routers, which have a better chance of including hardware that has patched previous security holes. Also, have your IT team check for and install firmware updates frequently. Finally, be sure to change the default username and password of all routers you and your team use. Routers often come with a default login that any savvy cybercriminal can exploit to access your systems.
A digital spring cleaning of these basic components of your electronic life at work can give you peace of mind all year. While the temptation is always to do it “later,” in a world where a cyber break-in can cripple a business overnight, you don’t have that luxury.
So don’t put your digital clean sweep off until the flowers bloom; implementing these basic changes can be a great way to start your spring off right. Knowing you’re as protected as you can be means you can focus on the actual work of your company instead of losing sleep over long-overdue cybersecurity maintenance.
CREDIT: Serenity Gibbons, Forbes