Posted on Friday August 21, 2020

Cybersecurity: Three tips to ensure your company's IT is protected

Data collected from small and medium-sized businesses is a real gold mine for hackers. Confidentiality, integrity and accessibility: cybersecurity aims to protect your IT networks from intruders while ensuring secure access for your employees, both at your physical offices and while telecommuting. Here are three golden rules for securing your business data.

1. Develop an IT security plan in 10 steps

An IT security plan is essential to safeguard your information and deal with possible threats to your systems.

1. Identify your company’s major IT assets
   Take the time to weigh the relative value of your business data: customers, suppliers, financial data, etc. The assets to prioritize in your protection efforts are those that you feel are most important to your SME.
   
   
2. Target threats associated with your assets
   By clearly identifying potential threats, you’ll be able to determine which assets could be subject to computer attacks. The attacker may take the form of malware, a fraudulent website or a phishing email, all with the goal of using your private information to block your activities or make illegal transactions.
   
   
3. Rank the list of risks in order of importance
   "Low, medium or high": It’s up to you to determine the significance of a potential IT threat. This will help you prioritize the types of threats that are most likely to affect you.
   
   
4. Find simple ways to reduce the risks
   Brainstorm with your team or with cybersecurity experts to identify which daily actions could lead to a crisis situation.
   
   
5. Determine improvements to be made
   Firewall or anti-spam software, backups on an external hard drive or in the cloud: there are a wide range of tools available on the market and actions to take to gradually optimize your overall protection.
   
   
6. Establish a realistic timeline for implementing security measures
   Your keyword for getting results without becoming discouraged: reality! You can’t perfect a Web security plan overnight. Prioritize urgent improvements before embarking on a comprehensive overhaul of your IT operations.
   
   
7. Identify the required resources
   People, time and money: plan how you’ll use them in the first year of your plan’s rollout.
   
   
8. Anticipate possible problems
   If you know your enemies, you’ll be better able to defeat them! Plan for additional resources, such as a contingency fund, to ensure that you can continue to operate even in the event of a software malfunction or interrupted backup.
   
   
9. Put the plan into action
   It’s time to use all the software and implement all the policies you’ve prepared!
   
   
10. Measure security effectiveness and reassess future threats
    The IT world is constantly evolving. To stay protected you’ll have to adapt to new risks that may arise. Make sure you always have up-to-date safeguards in place.

The costs of cybersecurity: Budget and contingency fund

Your IT security should not swallow up your annual budget. With a little research, you can find free tools and tips to optimize your IT security. For example, the Government of Canada offers the Get Cyber Safe Guide, which recommends using your internal resources first to implement a Web security plan. This will allow you to benefit from adequate protection at a lower cost.

Cybersecurity is an investment that’s essential to the sound management of your business. The cost of purchasing security tools and updating them, the cost for support, advice and training as well as the contingency fund needed to cover losses caused by a cyber attack should be included in your financial activities. Avoid the unexpected by allocating a budget for the protection of your business data.

2. Educate and train employees: In the office and while telecommuting

Not everyone knows the dangers of data theft and computer attacks. Education and training are essential to ensure that all your employees are on the same page, both in the office and while telecommuting from home.

Create an awareness program

Keep your employees’ knowledge up to date with an internal IT security awareness program. Start with general training on the basics of data protection and then train your team on upgrades and IT policy enforcement.

No need to annoy your employees with endless boring presentations! Using card games, escape games and quizzes, Orange Cyberdefence offers a host of alternatives to traditional awareness programs to help learners see cybersecurity in a new light. (Article in French.)

Develop policies and standards

Documents, infographics or PowerPoint presentations: whatever form they take, your cybersecurity standards must be clear, easy to access and easy to put into practice in order to properly guide your staff.

Take the time to adapt or write your own general policies that your employees will need to make their own. This will allow you to better justify and enforce them. The rules regarding the use of social media, personal use of work computers, what measures to take when working from home or when malware appears should be clear and simple.

Working at home without straying from guidelines

The COVID-19 pandemic has transformed our relationship to telecommuting, which has become a more common option. With an easier work-family balance and undeniable advantages in terms of space management for companies, these changes are likely to become ingrained over time. How do you protect your sensitive data outside the office? Here are a few things to watch out for in order to manage your staff effectively:

• Restrict access to business data to only those employees who really need it.
• Adapt the level of access to the task to be performed. An employee in charge of client accounts who migrates to the finance department should no longer have access to the information they previously had.
• Encourage the use of office electronics with anti-virus and firewall software instead of personal computers, which are more vulnerable to cyber attacks and used by several members of the same household.
• Ask your employees to use a VPN (virtual private network) and protect their wireless networks and devices with complex passwords.

3. Maintain a high level of protection: Vigilance and a backup plan

You’ve dug the moat and raised the drawbridge. Now, all you have to do is stand guard from the top of your castle! Once your strategy is well established, you’ll need to maintain continuous protection. Now is the time to choose your cybersecurity watchdog and develop a contingency plan.

Designate a person responsible for your data security

It’s crucial to appoint a team responsible for maintaining your Web-based protection and for keeping an eye out for threats. This team can implement the action plan, ensure compliance with your company’s cybersecurity policies, standards and best practices, stay on top of new threats and hacker schemes, and update the company’s various software and electronic devices, whether they’re used in the office or at home.

Phishing, harpooning, malware, spam: hackers are creative. Those in charge of IT security will have to become true detectives in order to recognize the different forms that cyber attacks could take within your company.

Does your manager know about the fake employee scam? This scam targets small and medium-sized businesses that have not been educated about cybercriminals. It’s used to infiltrate your computer systems in order to interfere with your operations or steal your banking information.

The fraudster will introduce himself over the telephone or by email as an employee of a financial institution, offering to update your business information or improve your services. The fake employee scam seeks to have you download malware that can steal your confidential business data. Beware of a tone of urgency or ambiguous offers. A company employee would never contact you directly to make such changes.

How do you protect sensitive data?

What if, after all this effort, your fortress is breached by hacker attacks? Even with a highly effective plan in place, you need to have tools to survive a loss of critical information or services.

Develop a backup plan

The backup plan is essential for recovering data that may have been stolen, damaged or altered. Plan to back up your information to external drives outside of your business devices so that you can get quick and easy access to all of your data.

The cloud: Secure and accessible backup

Cloud computing is the future of security. It allows you to upload your data into a cloud that you can access at any time from a device connected to the Internet. Offering document management, billing and marketing services, this powerful tool offers you greater security...and peace of mind!

The reputation of your company and services depends on the confidentiality, integrity and accessibility of all your data. It’s a responsibility that rests partially on your entrepreneurial shoulders, but one that can become easier to bear with the right resources and support from your team.