Current global events are leading many experts to issue warnings about cybersecurity. Cybersecurity is something every business needs to be concerned about. Big or small, selling globally or just locally...if you do anything online at your business, your data is in (potential) jeopardy. 

Here are things you need to do now. Seriously.
 

Invest in Protection

There are many ways that businesses are at risk. It’s important to know that cybersecurity is something you now have to consider as part of your business’ annual budget. Running updates as soon as they come out isn’t enough protection. Storing data in the cloud isn’t enough if those cloud companies get hacked. Making sure virus protection is in place is vital, but not the only line of defense. While all of these things remain important, they aren’t enough anymore.
 
You need to speak with a cybersecurity specialist. A good expert will offer a plan customized for your business and work within your budget. Cybersecurity is something you will have to budget for as a line item from now on.
 

Don’t Ignore Warnings

The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have issued warnings over the past two months about the imminent threats of destructive malware aimed at organizations with dealings in the Ukraine. However, the agencies also believe it is only a matter of time before American businesses with no connections to that part of the world are targeted too.
 
The actions that CISA/FBI urge companies to take as soon as possible (start today) include:
 

• Set anti-virus and anti-malware programs to conduct regular scans.
• Enable strong spam filters to prevent phishing emails from reaching end users.
• Filter network traffic.
• Update software.
• Require multifactor authentication.
• Use strong passwords, single use only (not the same ones across every site you access) and change them often. Set your machines to require it.
• Regularly backup data offline. Yes, a few years ago we were told the cloud was everything. Now they stress redundancies. Do both.
• Implement network segmentation. Don’t allow access to everything through one “door.”
• Work with a professional to draft a recovery plan.
• Require credentials to install software.
• Configure access controls with “least privilege” in mind. If certain employees don’t need access, don’t allow it.
• Consider a VPN. Over the last few years, it’s become increasingly easy to access machines and log in to work from home. It was essential to work remotely during COVID. But now that easy access can lead to big problems.
• Disable hyperlinks in emails.
• Train your employees on cybersecurity and how to recognize potential threats. Even savvy employees can be tricked. For instance, an email from “Federal Express” when they’re expecting a package can cause a lapse in judgment.  

 
Do your research. Read the Cyber Essential Resources for Small Business from CISA. It will help you decide where to start and how to begin cybersecurity implementation to keep you and your customers safe.  Don’t wait for something terrible to happen.
 
Non-profit organizations should also beware. Your lists can be very valuable. If you conduct any type of business online or have any lists or data on your computer or in the cloud, you need to investigate what level of protection is necessary and begin a plan for implementation.
 
Once malware strikes, even large companies with huge budgets are helpless.  If you’re not sure where to turn to start working on these things and you don’t have an IT department—let us know at the Chamber. We can provide referrals to resource providers. www.TCLMchamber.com
 
 
#  #  #