Especially given the growing remote workforce, companies may be looking to tighten up their cybersecurity efforts come the new year. Hackers and cybersecurity threats unfortunately aren’t going anywhere, so finding new ways to secure your company’s technology and protect your customers’ data is a good practice to begin to ensure your business’s safety all year long.
To offer up a few ideas for what you can do, 10 members of Young Entrepreneur Council list some of their recommendations for improving your cybersecurity efforts for the new year and why doing so is so important to the well-being of your company and its stakeholders.
1. Restrict Access With Role-Based Permissions
In an increasingly remote world, a lot of what we do is online. When we have to travel, it’s important that our devices have access to all the information and resources we need. Of course, a key cybersecurity practice is limiting access based on roles or employee functions. As you expand your workforce, this helps so that only select team members have administrative access. Roles can also be quickly updated and reversed in case you need to grant some staff with temporary access to certain assets or files. – Firas Kittaneh, Amerisleep Mattress
2. Implement Zero-Trust Cybersecurity
Zero-trust cybersecurity can safeguard an enterprise’s data, devices and operations in ways that virtual private networks (VPNs) and reused passwords can’t. It’s an approach to security in which all users are treated as untrusted entities. This means that even users who have been authenticated and authorized by the system should not be trusted implicitly. This approach is flexible to evolving threats and changing access needs. This type of system does not rely on predefined trust levels but instead verifies the identity of users and devices before granting access to resources. Zero-trust security systems can better protect against threats, such as advanced persistent attacks, by eliminating the reliance on predefined trust levels – Candice Georgiadis, Digital Day
3. Back Up All Essential Data
If you want to bolster your cybersecurity plan, I suggest backing up all the essential data associated with your company. Despite your best efforts, it’s still possible for a hacker to break down defenses and crack into your website. In the event of an attack, you have to act fast. A physical backup of your information will make it easier to recover your site, protect customer data and get things back to normal if and when cybercriminals attack your business. – John Brackett, Smash Balloon LLC
4. Require Two-Factor Authentication
One of the quickest and most efficient ways to tighten up security is to require two-factor authentication. It simply means providing two, rather than one, pieces of information before the team member can log in. This might look like a password and a code, for example. This is an easy way to add an extra layer of security to online accounts that doesn’t involve a lot of time or extra costs. – Blair Thomas, eMerchantBroker
5. Make The Use Of VPNs Mandatory
One way companies can consider tightening up their cybersecurity efforts for the new year is by ensuring that all employees are using VPNs when accessing company resources remotely. This is important because it helps to ensure that only authorized users are able to access company data and that all data is encrypted while in transit. Additionally, companies should consider implementing two-factor authentication for all remote access points, as this adds an extra layer of security and makes it more difficult for unauthorized users to gain access to company systems. – Sujay Pawar, CartFlows
6. Use A Password Manager
Companies can tighten up their cybersecurity by being extra cautious when it comes to information sharing. When working remotely, your employees require login credentials to access information stored on the cloud, and this is an exploit that can be used by cyber goons to infiltrate your security. No matter the sophisticated measures you’ve taken to protect your information, you can’t do the same for everyone on your team. Not many take their security seriously, and this can lead to problems. So, instead of sharing login credentials, manage access to information via apps like LastPass, and enable your employees to access information without having to be familiar with the credentials or backend info. This can be a reliable way to tighten up your security and minimize the risk of data infiltration. – Stephanie Wells, Formidable Forms
7. Slim Down Your Tech Stack
Conduct a stack audit. How much of your tech stack is shared? How is it working for your teams? How is it guarded? These are just a couple of questions you may use in performing a stack audit. Your operations should use minimal amounts of software outside the office where there is less control over use. I recommend operations stack audits annually. It is very easy for entrepreneurs to be swept up in their tech stack in the name of efficiency, but sometimes the stack gets far too heavy and poses security risks. A too-heavy tech stack poses risks whether you are in or out of the office, so always conduct regular audits. – Matthew Capala, Alphametic
8. Consider A Confidentiality Agreement
A simple way companies can tighten up their cybersecurity efforts for the new year is by having employees sign a confidentiality agreement. This is important because it helps protect trade secrets and other sensitive company information from being leaked accidentally or intentionally. A physical and legal document like this can also help deter malicious employees from stealing company data. However, don’t just hand people a paper to sign. Instead, train your employees and explain the point and value of the document. This will help them understand why it’s important and how to take proper precautions when handling sensitive data. – Blair Williams, MemberPress
9. Meet Regularly With Your IT Security Team
I wanted to tighten our cybersecurity plan, so I started meeting with our IT security team once a month. We use this time to discuss potential vulnerabilities, explore best practices and develop a course of action that ensures that sensitive data is safe and secure. This step is essential because it guarantees that we are all in the loop and know what needs to happen to improve our security over time. – John Turner, SeedProd LLC
10. Change Your Team’s Mindset Around Technology Use
In my experience, employees tend to think of company-issued tech as “their” laptop. Of course, they know it’s actually not their property, but as time goes by they begin to treat it that way—stickers on laptops, tech equipment left in unlocked cars and more. While it’s important to convey a high level of initial trust and treat everyone as an adult, it’s also wise to be a student of human nature. I say all that simply to lay the groundwork for putting together a companywide policy on acceptable use of tech. Everyone should be clear that the security of company tech rests with them. For example, I’ve asked all staff to enable remote erase on their laptops. That way, if a laptop is lost or stolen, we can protect our clients by deleting their information before it gets into the wrong hands. – John Hall, Calendar