The proliferation of cyberattacks and data breaches in the last couple of years has shown us that hackers are increasingly after information. As the threat landscape has evolved, attacks have become more and more sophisticated, and risks that were once considered unlikely have started happening with regularity. This has made it critical for business leaders to understand that no company or individual can be 100% safe from a breach, and that businesses have to be increasingly aware of, and prepared for, the new, highly focused risks.
As the CEO of Tresorit, a company that has built its service on guaranteeing security, I had to implement serious internal policies and take numerous measures to avoid attacks and to ensure my company’s preparedness for potential risks. In this post, I’ll share my experience and give you a list of basic security tips that your company should implement in order to guarantee the best protection possible against cyber threats.
1. Make cyber security a priority and set up a strategy
Protecting your firm against cyber threats has to start with the understanding that you, just like anyone else, can fall victim to cyberattacks. Downplaying the possibility of an attack by saying “it won’t happen to me” is simply the wrong attitude in today’s world, where cyberattacks spread at an alarmingly rapid rate. Hence, you need to take cyber security seriously and make it a priority within your organisation. You need to set up a security strategy by assessing and classifying the data you handle and by determining the exact level of security needed to protect it. A key element of your strategy is to make sure you have effective controls in place that are appropriate to the sensitivity of your data. You should also constantly look out for developments in the tech space, in terms of both new threats and new tools.
2. Promote awareness among employees
A recent study revealed that the biggest cyber security risk to businesses is employee negligence. Employees still fall victim to phishing scams, click on malicious links that can infect your entire computer system, or unintentionally expose sensitive data when working on a mobile device in public. Therefore, a key element of your security strategy has to be awareness raising and employee training, to ensure that your staff understand the importance of data protection and security protocols. You can ensure this by designating an information security officer who holds regular training sessions for your staff and educates them about the latest cyber threats and preventive practices. We have already summarized in a previous post (see here) how to raise the security and privacy awareness of your staff.
3. Be serious about passwords and authentication
You must have heard this warning a hundred times before. Yet many people still do not follow it, which explains why most accounts get broken into because of an easy-to-create-and-remember password. Aside from using a password manager to create strong and unique passwords for each of your accounts, you also have to make sure to change your passwords frequently. Never reuse an old password, and never use the same password for more than one account. It is essential that you and your employees don’t keep any passwords on paper, in a text file, or in the cloud. In addition, complement your password policy with a two-factor authentication requirement for access to services holding sensitive company information. See here for some tips on how to set up a strong password.
4. Install an antivirus and keep it updated
Antivirus software is designed to protect you against all kinds of malicious software (such as ransomware, Trojan horse programs, and botnets). Therefore, installing antivirus protection and updating it regularly has to become more than just a habit. If your antivirus signals that there is a problem, take it seriously and follow its instructions to get things back on track.
5. Always backup to protect against ransomware
Criminals can install ransomware on your computer and hold all your data hostage. Companies are the main target of this kind of attack, as they are most often willing to pay significant sums to get their data back. Your data could also be lost due to accidents such as a fire or flood in your office. To immunize your company against ransomware and other threats, you should regularly back up important data. If you have backups, you can easily restore data and ensure that your ability to serve customers is not impacted. But keep in mind: just because you’re using a cloud or other hosted service doesn’t mean your data is backed up. Explicitly contracting for backup services is necessary to actually have your data secured. See here how to recover files with Tresorit in case of a ransomware attack.
6. Encrypt to ensure the privacy & confidentiality of your files
Encryption is, so far, the best way to protect the privacy and confidentiality of your data. There are many types of encryption, but end-to-end encryption is the one that ensures the highest level of protection for your confidential documents. With end-to-end encryption, encryption is done on the client side, so your files are encrypted before they leave your device and remain fully encrypted until they reach the intended recipient. Only you have the keys to open or share them. With a technology based on the zero-knowledge principle, like Tresorit’s, the service provider you use can never see your files unencrypted or your passwords in plain text. In the event of a breach, no one can decrypt the content of your files, so you don’t have to worry about your confidential business files getting exposed.
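To make the client-side pattern concrete, here is an added Go example (it is not Tresorit’s code and does not describe Tresorit’s actual protocol): the key is generated and kept on the device, the provider only ever receives a nonce and AES-256-GCM ciphertext, and any change to the stored bytes or the file name makes decryption fail on download instead of returning data. The Blob type and the function names are assumptions made for illustration.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// Blob is all the provider ever stores: a nonce and AES-256-GCM ciphertext, no keys.
type Blob struct {
	Nonce, Ciphertext []byte
}
// NewClientKey makes a 256-bit key on the user's device; it is never uploaded.
func NewClientKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// EncryptForUpload encrypts before the bytes leave the device; the file name is
// bound as additional authenticated data, so a renamed blob will not open.
func EncryptForUpload(key, plaintext []byte, name string) (Blob, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Blob{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Blob{}, err
	}
	return Blob{nonce, gcm.Seal(nil, nonce, plaintext, []byte(name))}, nil
}
// DecryptDownload runs on the recipient's device. A wrong key, a bit flipped in
// storage or a changed name makes GCM authentication fail instead of returning data.
func DecryptDownload(key []byte, b Blob, name string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(b.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed blob")
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, []byte(name))
}
```

Sharing a file with a colleague in this model means sharing the key out of band; the provider, which holds only the Blob, stays unable to read it.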