By Brenda Story, Missouri Enterprise, Director of Information Technology
Healthcare has become a big part of our lives. With the advances and sharing of medical and personal health knowledge growing, we’re all aware of important lifestyle choices we should be making to protect our health. We all know we should try to eat healthy foods and exercise more, but it’s a safe bet many of us either ignore the facts, or “cheat” every so often.
It’s similar to how we deal with Cyber Security, isn’t it? How would the world continue to move forward without all the wonderful and amazing technology that’s constantly growing and expanding our capabilities? And with all these advances, we’re getting clear (and not-so-clear) messages on some of the things we should be doing to protect our technology and information. We all know the critical best practices we should be following… change passwords, use antivirus software, update operating systems (and so much more!)… but we also know that most people, and many companies, aren’t doing what it takes to secure their information and technology against attack.
Just as not following a good health regimen could lead to a life-threatening ailment, not maintaining best practices to protect your company technology could be a recipe for disaster. For companies, it’s more than just a personal decision to do everything you can to protect your information and technology; you have customers, employees and stakeholders you’re responsible for and accountable to. Think of them like your children: would you protect your physical health for them? You should do the same thing for everyone dependent upon your company, including yourself. The health of your company is always at risk from cyber threats, greater than you may even know, so you can’t just ignore the warning signs and wait for the worst to happen.
In a recent presentation on Cyber Security called “Manufacturing Under Attack”, the Michigan Manufacturing Technology Center cited some very interesting statistics:
- Manufacturing is now a “Top 5 Target” of Cyber Attacks.
- The annual increase in cyberattacks against midsize companies and manufacturers: 54%.
- The FBI estimates that $400 Billion of Intellectual Property is leaving the U.S. each year because of cyberattacks.
Think hard about how dependent your company is upon technology and information, from core equipment and software such as cell phones, laptops, system servers, accounting software, ERP systems and so on, to the integrated software that runs your machines and production equipment. Today, it’s not only your server and that computer on your desk you need to protect. With the rapid rise of mobile computing and cloud services, Software as a Service (SaaS) and now the Internet of Things (IoT), not to mention some of the computerized equipment on your shop floor, we have even more technology-based information to protect!
So it’s critical that you review and understand all facets of Cyber Security at your company, and just like your personal health examination, you need to do it today. And you need to maintain vigilance on a daily basis; unlike your personal health, where sneaking a treat or skipping your exercise every so often might not be a big deal, you can’t afford to take the same risks with your company. Leaving the doors open for even a short window might be all it takes for a cyberattack to get through and cripple your business (or worse…hold it hostage for ransom! Yes, it happens!).
But perhaps you’re one of those who’ve embraced the reality and fear of the consequences of disregarding your body’s health warnings, and you do your daily best to give yourself the best chance for a long and healthy life. There are plenty of warnings about lax cybersecurity and the potential consequences…isn’t it time you learn vicariously, listen to the signals and do your very best to protect your company, day in and day out?
The solutions aren’t simple, and the risk environment is constantly changing. Your company should consult with a cybersecurity expert to help you understand your risks and develop a strategy to protect your company against cyber threats. Consider hiring a cybersecurity company to help you with your ongoing fight against cyber invasion. Or if resources allow, hire an in-house cybersecurity expert or team, but always give them ready access to outside expertise and consultation so they can stay abreast of the constant change.
In the meantime, here are some basic security tips provided by the federal government through the FCC. I encourage you to review this list and see how your company stacks up against it, then consult with qualified experts to ensure your company is as safe as it can be from a catastrophic cyberattack.
10 Cyber Security Tips for Small Business
(Reprinted from the Federal Communications Commission website at https://www.fcc.gov/general/cybersecurity-small-business)
- Train employees in security principles. Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.
- Protect information, computers and networks from Cyber Attacks. Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.
- Provide firewall security for your Internet connection. A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.
- Create a mobile device action plan. Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
- Make backup copies of important business data and information. Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.
- Control physical access to your computers and create user accounts for each employee. Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
- Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
- Employ best practices on payment cards. Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
- Limit employee access to data and information, limit authority to install software. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
- Passwords and authentication. Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.