by Jeanne Wagner, Missouri Enterprise Chief Financial Officer
Why is a CFO offering you an article on cybersecurity? Because putting your head in the sand can be an incredibly expensive policy for your company. If you don’t have a strict written policy and protocols in place to protect your information and systems against the threat of cyberattack, you’re running a huge risk.
Open your eyes and look at what could happen if your systems are breached: lost productivity and downtime, customers abandoning you, plummeting profits, huge recovery expenses, liability from the loss of confidential information and more.
Notice that earlier I said “policy and protocols”. Written rules mean nothing if they are not enforced, so you need protocols in place to ensure everyone at the company respects and protects your technology and information systems. No policy and protocols? Then by default, your cybersecurity policy is “put your head in the sand”.
The National Institute of Standards and Technology (NIST) publishes an informative blog called NIST Taking Measure, and a recent post called “Ignoring Cybersecurity is Risky Business,” by Pat Toth, gives a great overview on areas you should incorporate into your company’s cybersecurity policies. Ms. Toth is NIST’s Cybersecurity for Small Business Outreach Lead, so her insights come from extensive experience with manufacturing companies big and small. Here are some of the highlights of the article:
- Train your employees. Notice this is first on the list, because everyone needs to understand and enforce your cybersecurity policy. Teach your people about unauthorized app downloads, social media restrictions and rules, sensitive information handling and so on.
- Stay up to date. Always stay on top of software updates.
- Install and activate software and hardware firewalls. These tools help block malicious emails and unauthorized browsing.
- Secure wireless access points and networks. Never use the administrative password that came with your wireless equipment, don’t broadcast its SSID, and educate employees on using company equipment on potentially unsecured Wi-Fi in public places.
- Require individual user accounts and strong passwords. Require and enforce strong passwords, and ensure employees know not to share their passwords with anyone; they are responsible for anything that occurs on their user ID.
- Set up web and email filters. Filter for inappropriate messages and malware-infected websites.
- Make full backups of important business data/information. Do regular, complete, encrypted backups of every computer and mobile device at your company, at least once per month.
- Be Cyber Aware. As a business owner, you’re accustomed to taking risks to help grow your company profitably. Cybersecurity is one place you should be minimizing risks. A head-in-the-sand policy on your technology and information protection is way too high of a risk to everything you’ve built.
As a part of its decades-long mission to Help Missouri Manufacturers Succeed, Missouri Enterprise has enhanced its abilities to guide companies on their cybersecurity policies. Call us at 800-956-2682 to learn more.