In 2021, every business faced some unique challenge, whether it had to do with COVID restrictions, hiring enough employees, supply chain problems, or inflation. Many businesses also experienced problems with cybercrime. According to Forbes and the Identity Theft Resource Center (ITRC), “The number of publicly-reported data compromises through September 30, 2021, exceeded the total number of events in FY 2020 by 17 percent, showing that cybercrime continues to rise.”
The good news is that there are steps businesses can take in the year ahead to better protect themselves and protect their valuable data. Here, ORAM offers up Part II of a two-part blog series with the best cybersecurity practices every business can implement in 2022 for better cybersecurity.
Best Cybersecurity Practice 6: Back It Up
Backing up business data on an ongoing basis can mean the difference between a quick recovery and a total loss for your business should a breach occur. Backups can be set to run automatically at intervals ranging from every few minutes to once a day. By backing up your systems and networks, your business will be able to bounce back quickly in the event of a breach, natural disaster, or workplace incident.
Your company’s IT team can set up these backups to save information to the cloud, other servers, or external drives. If you don’t have an IT department, a third-party service provider such as ORAM can set this up for your business so you don’t have to worry. A data protection tool can automate incremental backups of data, prevent data loss, and significantly reduce downtime and recovery time in the event of an incident. This leads us to improving uptime for your organization.
Best Cybersecurity Practice 7: Improving Business Uptime & Reducing Downtime
There are a variety of data protection solutions to improve your company’s uptime, or time spent generating revenue. These programs can allow for the “instant” recovery of data and apps lost due to a breach, natural disaster, or workplace event. That means if something does go wrong, your employees can get back to work almost immediately so your business doesn’t suffer financially.
When software, apps, and data go missing, it can have a significantly negative impact on your business operations as well as your ability to generate revenue. You might be surprised to learn that the average cost of downtime for large enterprises is more than $11,600 per minute, according to the aforementioned Hosting Tribunal article, and is nearly $4,500 per minute for companies of all sizes. Sadly, the same piece reports that 40 to 60 percent of small businesses will never reopen following a catastrophic data loss. Can your business afford such a loss, or would it shut your company down permanently?
Best Cybersecurity Practice 8: Get To Know Your Data
Not only do you need to classify your data, but you also need to know where it is all located. Some data is more sensitive than other data. For example, employee personal information such as birthdates and Social Security numbers is more valuable than, say, a photo someone shared of their dog via the company network.
All data your business holds should be classified, and access to it should be limited by applying the principle of least privilege. This means that after your data is classified, access to it should be given only to those who absolutely require it to complete their work tasks.
Furthermore, you will need to know where all of this data is stored. Does your company store it digitally only or are there hard copies in filing cabinets around the office? Are hard copies of data locked down? Who has access to stored hard copies of data?
This is all important because the more places data exists, the more likely it is that unauthorized people will have access to it, and the greater the risk to your business. Data discovery tools, such as software-as-a-service (SaaS) applications, can help identify, sort, and secure data. These can be installed and used by your internal IT department or a third-party contractor such as ORAM Corporate Advisors.
Best Cybersecurity Practice 9: Control Access
The next step is to control access to data, computers, systems, and networks. This goes back to the principle of least privilege mentioned earlier. Not only do you want to keep potentially malicious outsiders out of your systems, networks, and data, but you also want to provide access to data only where it is really necessary. Give access to stored data only to the employees, partners, and clients that require it to perform job functions and conduct business-related activities.
Best Cybersecurity Practice 10: Lock Devices and Just Say No to USBs
Our final tip for every business is to lock devices when they are not in use and prohibit the use of USB devices. These two pieces contribute to shoring up your business’s cybersecurity.
For every device from desktops to mobile phones, ensure that you have updated administrative settings so that any company device auto-locks with a short time-out screen saver lock. This will help employees to remember to lock down their computers and reduce access to data.
Flash drives, also known as USBs, are a common method for cybercriminals to gain access to organizational systems and networks. They can create a serious risk for your business because employees, partners, and clients can save data to them and they can be easily lost since they are so small.