The digital transformation movement long antedated the arrival of Covid-19. However, for many, it was out of sheer necessity that the remaining number of traditional brick-and-mortar businesses finally migrated their operational activities online. But apart from the usual bare minimum requirements of having the right devices, ensuring sufficient bandwidth, and using the appropriate enterprise applications for communication and collaborative work, businesses must make it a point to ensure data remains private for shared resources on the cloud. Here are the top cybersecurity tips to start the new year in confidence that your enterprise information remains secure.
1. Use a password management system
One way that online enterprises can ensure security is by adopting the use of cross-platform, enterprise password management tools. Examples of subscription-based password management solutions include DashLane and LastPass. Apart from the most obvious benefits being that you get fast access, and having a good memory to recall your passwords is unnecessary, these tools will enable you to use stronger, more complex passwords, thus boosting your security. Of particular benefit to businesses that need to grant multiple team members access to a single account, this tool will allow you to manage and change passwords efficiently. Dashlane, for example, has the added feature of encrypting the actual password credentials shared across team members, enabling one person to control the password to the account.
2. Employ blacklisting or whitelisting
In much the same way that INTERPOL has a shared database of known and suspected terrorists maintained by border control authorities, a computer blacklist details the possibly harmful or suspicious entities that shouldn’t be allowed access or running (execution) rights, in a system or shared network. These entities can take the form of viruses, Trojans, worms, spyware, keyloggers, and other forms of malware that can wreak havoc on your system once they manage to bypass security. Blacklisting is a key element in antivirus and security software suites and typically takes the form of a ‘virus database’ or ‘virus vault’. The bottom line is, you identify everything bad that shouldn’t access your system, bar it from gaining access, then allow the freeflow of everything else. The only problem with this model is that blacklisting enables you to restrict only ‘known’ variables, and new malware variants are being designed every day.
Inversely, the listing of trusted entities is called Whitelisting. It is a list of all software applications, email addresses, users, processes, devices, etc. that are allowed access to a system or network, and block everything else. This employs a ‘zero trust’ system that essentially denies all access to everything except what is deemed necessary. Considering that there’s a limit to the number of known variables in a security system, many circles believe that whitelisting represents the more sensible approach to information security.
3. Segregate work and private data
One of the security-related downsides of the mass migration towards work-from-home modes mandated by quarantine restrictions is that many companies struggle to acquire and set up the proper equipment for the entire organisation and cybercriminals are sure to take advantage of the security loopholes in these unsecured systems. A statistic published in Shred-It’s 2018 State of the Industry Report states that as much as 86% of business executives believe remote workers increase a company’s chances for a data security breach. This is behaviorally attributable to the fact that almost half of the survey respondents admitted to transferring files between work and personal computers while working remotely. This high-risk behavior compromises both an individual’s data and the company’s data. Taking the proper steps to secure your employee’s data and privacy, along with protecting your company’s sensitive information is not optional but essential. This then brings us to the next point…
4. Have a back-up plan
What’s your back-up plan if your device gets lost or stolen? The cost of a stolen device is not merely its replacement cost, but also the cost of peripherals and accessories, the installed software, and most important of all, it’s the cost of any information that is compromised from that device – which could pretty much be incalculable. Additionally, a greater cost is the potential exposure and liability that may result from any compromised confidential client information.
For starters, find out if your device automatically encrypts your data, and schedule regular backups of your information. Investing in extra data allowances on Google Drive, for example, is a worthy investment to keep a copy of all your data on the cloud. If your device is already synced to your Google account, head over to this resource page to find, lock, or erase data from your device in case of loss or theft.
5. Keep your devices and software updated
The WannaCry global ransomware attack that attacked computer systems in over 150 countries back in 2017 revealed a frightening statistic: an astonishing number of people don’t keep their software systems up to date. A Google survey revealed that one-third of security professionals don’t keep their systems current. And when respondents were asked why they didn’t care to update their software, the answer was that installing updates felt tedious and unnecessary. While software updates are by nature iterative, they are vital to the safety of your data; this is because software updates often include repairing security holes and the fixing of computer bugs that were discovered later on after initial release. Updates may also include feature improvements and updates and the removal of outdated ones. Since hackers are always on the lookout for new ways to exploit weak systems and security vulnerabilities, it makes sense to take a proactive approach and get the latest security patches promptly as they are released.
Non-technical people are more likely to neglect the digital health of their systems for the simple reason that ‘they can’t be bothered with it’. But it’s high time that our forced digital adoption and migration to cloud systems serve as a wake-up call. 2021 is upon us, and we owe it to ourselves to keep our shared network safe because it’s not just about us. If our computer turns out to be the weakest link in the security chain, this affects our work colleagues, our friends and family as well.