Especially given the growing number of remote workers, companies may want to step up their cybersecurity efforts in the new year. Unfortunately, hackers and cybersecurity threats aren’t going anywhere, so it’s good practice to find new ways to secure your company’s technology and protect your customers’ data to ensure the safety of your business year-round.
To contribute a few ideas for what you can do, 10 members of Council for Young Entrepreneurs list some of their recommendations for improving your cybersecurity efforts for the new year and why this is so important to the well-being of your company and its stakeholders.
Members pictured from left to right.
Photos courtesy of the individual members.
Contents
- 1 1. Restrict access with role-based permissions
- 2 2. Implement Zero-Trust Cybersecurity
- 3 3. Back up all essential data
- 4 4. Require two-factor authentication
- 5 5. Make using VPNs mandatory
- 6 6. Use a password manager
- 7 7. Knock off your tech stack
- 8 8. Consider a confidentiality agreement
- 9 9. Have regular meetings with your IT security team
- 10 10. Change your team’s mindset around technology use
1. Restrict access with role-based permissions
In an increasingly remote world, much of what we do is online. When we have to travel, it’s important that our devices have access to all the information and resources we need. Of course, a key cybersecurity practice is limiting access based on roles or employee functions. As you grow your workforce, it helps so that only selected team members have administrative access. Roles can also be quickly updated and reversed in case you need to grant certain employees temporary access to certain company assets or files. – Firas Kittaneh, Amerisleep mattress
2. Implement Zero-Trust Cybersecurity
Zero-trust cybersecurity can protect an enterprise’s data, devices, and operations in ways that Virtual Private Networks (VPNs) and reused passwords cannot. It is an approach to security where all users are treated as untrusted entities. This means that even users who are authenticated and authorized by the system should not be implicitly trusted. This approach is flexible to evolving threats and changing access needs. This type of system does not rely on predefined trust levels, but instead verifies the identities of users and devices before granting access to resources. Zero-trust security systems can better protect against threats, such as advanced persistent attacks, by eliminating reliance on predefined trust levels – Candice Georgiadis, Digital day
3. Back up all essential data
If you want to strengthen your cybersecurity plan, I recommend backing up all vital data associated with your business. Despite your best efforts, it is still possible for a hacker to break through the defenses and penetrate your website. In the event of an attack, you must act quickly. Having a physical backup of your information makes it easier to recover your site, protect customer data, and get things back to normal if and when cybercriminals attack your business. – Jan Bracket, Smash Balloon LLC
4. Require two-factor authentication
One of the fastest and most efficient ways to tighten security is to require two-factor authentication. It simply means providing two pieces of information instead of one before the team member can log in. For example, this could look like a password and a code. This is an easy way to add an extra layer of security to online accounts that doesn’t require a lot of time or extra expense. – Blair Thomas, eMerchant Broker
5. Make using VPNs mandatory
One way companies can consider tightening up their cybersecurity efforts ahead of the new year is to ensure that all employees use VPNs when accessing company resources remotely. This is important as it helps to ensure that only authorized users can access company data and that all data is encrypted in transit. In addition, companies should consider implementing two-factor authentication for all remote access points, as this adds an extra layer of security and makes it more difficult for unauthorized users to access company systems. – Sujay Pawar, CartFlows
6. Use a password manager
Companies can tighten their cyber security by being extra careful when sharing information. When working remotely, your employees need credentials to access information stored in the cloud, and this is an abuse that can be used by cybercriminals to infiltrate your security. Regardless of the sophisticated measures you’ve taken to protect your information, you can’t do the same for everyone on your team. Not many take their security seriously and this can lead to problems. So instead of sharing credentials, you can manage access to information through apps like LastPass, and let your employees access information without needing to know the credentials or backend info. This can be a reliable way to tighten your security and minimize the risk of data infiltration. – Stephanie Wells, Formidable shapes
7. Knock off your tech stack
Perform a stack audit. How much of your tech stack is shared? How does it work for your teams? How is it monitored? These are just some of the questions you can use when performing a stack audit. Your operations should use minimal amounts of software outside the office, where there is less control over usage. I recommend annual operational stack audits. It’s very easy for entrepreneurs to get swept up in their tech stack in the name of efficiency, but sometimes the stack gets way too heavy and poses security risks. An overly heavy tech stack carries risks whether you’re in the office or not, so do regular audits. – Matthew Kapala, alphametic
8. Consider a confidentiality agreement
An easy way for companies to sharpen their cybersecurity efforts ahead of the new year is to have employees sign a non-disclosure agreement. This is important because it helps prevent trade secrets and other sensitive business information from being accidentally or intentionally leaked. Such a physical and legal document can also help deter malicious employees from stealing company data. Don’t just give people a paper to sign, though. Instead, train your employees and explain the usefulness and value of the document. This will help them understand why it is important and how to take proper precautions when handling sensitive data. – Blair Williams, MemberPress
9. Have regular meetings with your IT security team
I wanted to sharpen our cybersecurity plan, so I started meeting once a month with our IT security team. We use this time to discuss potential vulnerabilities, research best practices, and develop an action plan to ensure sensitive data is safe. This step is essential as it guarantees that we are all up to date and know what needs to be done to improve our security over time. – John Turner, SeedProd LLC
10. Change your team’s mindset around technology use
In my experience, employees often think of company-issued technology as “their” laptop. Sure, they know it doesn’t actually belong to them, but over time, that’s how they start treating it: stickers on laptops, abandoned tech equipment in unlocked cars, and more. While it’s important to convey a high degree of initial confidence and treat everyone like an adult, it’s also wise to study human nature. I say all this to lay the groundwork for creating a company-wide policy on acceptable use of technology. It should be clear to everyone that the security of the company’s technology rests with them. For example, I asked all staff to enable remote wipe on their laptops. In this way, if a laptop is lost or stolen, we can protect our customers by removing their information before it falls into the wrong hands. John Hall, Calendar
Janice has been with businesskinda for 5 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider businesskinda team, Janice seeks to understand an audience before creating memorable, persuasive copy.