Monthly Archives: October 2023

From Aware to Prepared

With an increasing number of devices connected to networks, as well as increasingly sophisticated cyber attacks, the threat landscape is incredibly broad. In 2003, the US government and various industries collaborated and created Cybersecurity Awareness Month. Each October, the spotlight falls again on keeping your system secure and being secure online. Read on to learn about becoming not just aware, but prepared, all year long.

 

Benefits of the Awareness Movement

 

The goal of the collaboration on Cybersecurity Awareness Month is to raise awareness about the importance of cybersecurity, and to ensure that businesses–including small to medium-size businesses–have the resources to be safer and more secure online. Such resources include educational tools like guides, planners, training modules, and much more, to help your business make cybersecurity awareness a visible part of your organization. Not only do these tools come in different languages, but they can be modified to fit the specific needs of your organization.

 

Awareness Just the Beginning

 

While awareness is certainly important, it’s just the beginning of being prepared. A good first step in preparedness is mapping your entire network, finding out every device connected to it and learning whether those devices are secure. Another step is keeping track of the latest threats–phishing emails that can introduce malware to your network, or hacking attacks to take advantage of weak spots in your infrastructure. Evaluating the risks particular to your geographic location is important, though even a low-risk location is still subject to the risks of power outages and the resulting downtime.  And don’t forget assessing the knowledge of your workers, including any weak spots in training. 

 

Once you have assessed your company’s vulnerability, you can begin to plan. Who will be responsible for which roles, what the first step after a cyberattack, what portions of your network need to be strengthened, all are to be outlined in your cybersecurity plan. Not only that, a training plan should be developed for employees so they will know how to respond.

 

Employee Training in Cybersecurity

 

Taking into account the human aspect of cybersecurity is critical. Many data breaches can result from human error. Training in password management is a vital part of helping workers be cyber-smart. Passwords should be unique and hard to guess, not shared with others. Because it can be difficult to think of (and remember) distinctive passwords, password management tools like apps or even technological tools built into the browser or operating systems, are available. A password management plug-in can even ask the user to store a password so that the workers won’t have to memorize numerous passwords. 

 

Cybersecurity is something not just to be aware of but to actively plan for – a cyber attack could happen anytime. For assistance in developing your plan, contact your trusted technology advisor today.

Getting Started with A Preparedness Plan

With the recent wildfires in Maui, disaster preparedness is (or should be) once again top of mind. Aside from the physical recovery of businesses, integrity of their data (the lifeblood of the business) is at stake. Even if you think you’re prepared, you may not be. Read on to learn more about where to start in your disaster recovery planning.

 

Consequences of Not Being Prepared

 

The disaster may be twofold, as discovered in Maui. Not only did brush fires start, but winds from Hurricane Dora blasted part of the island, resulting in an even worse catastrophe. Businesses and homes were burned to the ground, and work stopped. Do you know what your business would do during an outage, let alone a disaster like Hawaii’s? And why limit preparedness to major disasters? These days, anything can happen–even a worker unwittingly clicking on a link in a phishing email, giving away confidential information. Disasters can be big, or stem from small actions. Data can be lost or stolen, resulting in regulatory fines and loss of confidence in your business. Bad actors are always looking for ways to catch businesses off guard; the cyber damage can last even longer than physical damage. 

 

Where to Begin

 

Perhaps you’re overwhelmed by the process, wondering how to even get started. A good place to start is doing an audit of your current preparedness level. What systems, data and applications need to be up and running first, to keep your business operating? Which ones can be delayed a bit while you get your bearings? A thorough review of business-critical functions can show you where you have preparations in place and where you don’t. Where is your data stored, and what security procedures does your provider practice to keep the data from getting lost or stolen? 

 

Preparing a Plan – What to Consider

 

Agencies like the Small Business Administration (SBA) can help you formulate your plan, step by step. A good first step is auditing and updating contact information for everyone in the business, to assess their welfare in the case of a natural disaster. Consider also which applications you need to use immediately, such as email or file-sharing, to keep your business going during and after even a relatively small incident. Which data protection regulations does your company adhere to, and how do they address data loss? 

 

While getting started with (or refining) your company’s preparedness plan can be daunting, doing so will pay off. For help in designing a plan, contact your trusted technology advisor today