The holidays are always hectic for businesses and IT professionals, but with so much commerce now done online there is another serious threat for which you must be prepared: cybercrime. Cybercrime already costs businesses and consumers billions of dollars a year, and that figure is projected to roughly double by 2021, so it is essential that you understand how to keep your business safe in the digital space. To help you get started, here are ten essential tips for staying cyber-safe this holiday season.
1. Create a Plan
With such a diverse and complex range of threats, you simply cannot hope to protect yourself against digital crime without first forming a plan of action. The specifics of such a plan will depend on the nature of your business, but the best place to start is an assessment of your operations. Identify all the data your business needs to protect (customer records, payment data, credentials), review – and, if necessary, improve – your current security measures, and determine who can access this data and under what conditions. Finally, write an incident response plan that details the steps your business will take in the event of a security breach, data loss or other unexpected incident, including who makes decisions when key staff are away over the holidays.
2. Define Digital Best Practices
You likely have best practices defined for other areas of your business, whether it's sales, manufacturing, software or anything in between, but do you also have cybersecurity best practices? To minimize your risk, create and codify a set of security standards that you expect your employees to follow. Common best practices include strong, unique passwords for each employee account and each device (a password manager makes this practical), properly configured firewalls on all networks, regular backups that you periodically test by restoring from them and, wherever possible, multifactor authentication for added security.
3. Train Your Employees
While you may look to your networks, firewalls and antivirus programs for vulnerabilities, the unfortunate reality is that the greatest security risk often comes from employees themselves. For that reason, it's essential that you take time to ensure your employees are properly educated on cybersecurity and trained to execute your security plan. In particular, train your employees to spot phishing, spear phishing and other social engineering attacks, and teach them the steps to take immediately when they see one. One effective method is to set up a dedicated mailbox to which employees can forward any suspicious email, where it can be examined safely, without opening links or attachments, by whoever handles security for your business.
4. Stay Prepared
The holidays can create all sorts of unexpected issues for businesses, and you'll need to be prepared to handle them. One common issue is understaffing, as the combination of increased business volume and employee unavailability means that businesses are often left scrambling to cover too much activity with too few people. This may lead to costly delays, increased processing time and even risky or damaging oversights, such as security alerts that nobody reviews, so it's essential to plan ahead and account for any potential staffing shortages and delays.
5. Audit Your Systems
Routine audits of point-of-sale devices, backend hardware, business networks and other systems are an integral part of any effective cybersecurity plan, but they are all the more essential in the days and weeks leading up to the holiday season. With detailed audits and penetration tests, you can identify and fix vulnerabilities and confirm that your systems are secure and robust enough to handle whatever is thrown at them during the holidays. If your business uses point-of-sale machines, be sure to also physically inspect them for skimmers, broken tamper seals or any other signs of tampering.
6. Protect Against Ransomware
Ransomware is not a new threat, but it has become significantly more common – and costly – over the last year. Businesses of all sizes and in all industries have come under attack from this growing cyber threat, resulting in billions of dollars in losses and damages around the globe. There is no single way to avoid or prevent ransomware attacks, but all employees should be made aware of the threat and urged to practice good cybersecurity habits at all times. This includes never clicking links or opening attachments in unexpected email, even when the sender appears to be someone you know, since sender addresses are easily spoofed; keeping all software updated and patched; and installing effective antivirus solutions on all devices. Because no preventive control is perfect, the backups from tip 2 are your real safety net: keep copies offline or otherwise out of reach of a compromised machine, and test that you can actually restore from them.
7. Employ Detection Tools
When a data breach or other cyberattack occurs, time is of the essence. A timely, appropriate response may mean the difference between minimal disruption and a major security issue, so early detection is key. To facilitate this, deploy intrusion detection tools across your networks and endpoints and make sure someone is actually reviewing their alerts, including over the holidays when staffing is thin; a tool that raises thousands of alerts nobody reads provides no early warning. If an intrusion is detected, your employees should immediately enact the response plan you created earlier.
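As an added illustration of what a detection tool does at its simplest (this is example code written for this page, not code from the original article or from any product), the following Python script reads sshd-style authentication log lines, raises an alert when one source address racks up a burst of failed logins, and escalates if that same source then logs in successfully, which is the moment the response plan should kick in. The log lines, host name and IP addresses are constructed for the example, and the threshold and window are assumptions you would tune to your own environment.

```python
"""Minimal brute-force login detector over sshd-style auth log lines.

Added example for illustration; not part of the original article.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): five failures from one source
# against several accounts in quick succession, then a successful login from
# the same source, followed by a legitimate user mistyping a password once.
SAMPLE_LOG = """\
Dec 20 09:00:01 pos-gw sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Dec 20 09:00:03 pos-gw sshd[4102]: Failed password for root from 203.0.113.7 port 51023 ssh2
Dec 20 09:00:05 pos-gw sshd[4103]: Failed password for invalid user pos from 203.0.113.7 port 51024 ssh2
Dec 20 09:00:07 pos-gw sshd[4104]: Failed password for backup from 203.0.113.7 port 51025 ssh2
Dec 20 09:00:09 pos-gw sshd[4105]: Failed password for invalid user oracle from 203.0.113.7 port 51026 ssh2
Dec 20 09:00:12 pos-gw sshd[4106]: Accepted password for backup from 203.0.113.7 port 51027 ssh2
Dec 20 09:15:30 pos-gw sshd[4200]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Dec 20 09:15:41 pos-gw sshd[4201]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(lines, year=2023):
    """Yield (timestamp, result, user, source_ip) for each recognised line.

    Syslog timestamps carry no year, so one is supplied (an assumption here).
    Lines that do not match are skipped rather than crashing the detector.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["user"], m["ip"]


def detect(lines, threshold=5, window=timedelta(minutes=5)):
    """Return a list of (alert_type, source_ip, user, timestamp) tuples.

    BRUTE_FORCE fires once when a source reaches `threshold` failed logins
    inside a sliding `window`. SUCCESS_AFTER_BRUTE_FORCE fires when a source
    that was already flagged then authenticates successfully: that is the
    event that should trigger the incident response plan, not just a ticket.
    """
    recent_failures = defaultdict(list)  # source_ip -> failure timestamps in window
    flagged = set()
    alerts = []
    for ts, result, user, ip in parse(lines):
        if result == "Failed":
            q = recent_failures[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.pop(0)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, user, ts))
        elif ip in flagged:                   # result == "Accepted"
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, user, ts))
    return alerts


if __name__ == "__main__":
    for kind, ip, user, ts in detect(SAMPLE_LOG.splitlines()):
        print(f"{ts:%H:%M:%S} {kind:<26} source={ip} user={user}")
```

Run against the sample, the script produces two alerts: the brute-force burst from 203.0.113.7 and the subsequent successful login for the backup account, while Alice's single typo stays quiet. Real intrusion detection and SIEM tools encode many rules of this shape across far more log sources; the point is that a rule only helps if its threshold is tuned so that the alerts it raises are few enough for someone to act on them.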
8. Keep Software Updated
It seems so simple, and yet many otherwise ironclad cybersecurity plans are undermined by software that is out of date. Software updates often include key security patches and other improvements, and failing to keep all of your business's software regularly updated means you could be left vulnerable to attack. Remember, too, to regularly update the firmware for any devices your business uses, including point-of-sale terminals, routers and firewalls. If your business relies on an externally hosted payment processing platform, shopping cart or other software, it's also important to ask your providers how they keep their systems patched and up to date.
9. Prepare for DDoS Attacks
Can your business's systems withstand a Distributed Denial of Service (DDoS) attack? These attacks use large networks of compromised machines (botnets) to flood a system with traffic or requests, exhausting its capacity until it slows or stops responding entirely. This type of attack can easily cripple a system for an extended period of time, which is particularly damaging during the crucial holiday season. To limit your risk, put DDoS protection and mitigation in place before the season starts, typically through your hosting, network or CDN provider, since equipment on your own premises cannot absorb traffic that saturates your upstream link, and load-test your systems so that you know how much headroom you actually have before an attack degrades them.
10. Implement a BYOD Policy
Does your business permit employees to bring their own devices to work? Are they allowed to connect to your networks with those devices? If so, your cybersecurity plan depends on creating and implementing a clear bring-your-own-device (BYOD) policy. This policy should clearly lay out what kinds of devices are and are not permitted, what data and which networks can be accessed, and what rights you have, as the employer, to manage your employees' devices. It's also critical to require strong security measures on any personal device that touches company data, such as device encryption, a lock screen and the ability to remotely wipe company data, so that the data remains well protected if the device is lost or stolen.