Empower Yourself and Your People
After completing this unit, you’ll be able to:
- Monitor your systems and devices to catch and eliminate many cyber threats.
- Manage cyber relations with key partners and vendors.
- Recognize the impact of cyberattacks on outside organizations.
- Empower employees to take responsibility for cyber hygiene and security.
Learn About Your Adversaries
Who are the players in this game of cybersecurity? Who’s out there trying to sabotage your business and your cybersecurity? Who is out there monitoring the situation and trying to protect you? Finally, what’s your role in all of this? You know what needs to be done and now have the resources that make it easier. Time to meet the players.
New attacks appear all the time, constantly changing the cyber threat landscape. If you feel like someone is always on the lookout for ways to “get in” to your systems, you’re probably right. As we mentioned earlier, cyber crime continues to be on the rise. A 2019 report by Radware estimates the average cost of a cyberattack to be $1 million. Most businesses can’t weather those kinds of costs, particularly small businesses.
It’s critical that you are always watching out for who may be watching you. And if you aren’t able to do it yourself, make sure someone does it for you. According to Accenture's 2020 Cybersecurity Report, building cyber resilience takes teamwork. Employees, third-party suppliers, alliance partners, law enforcement agencies, and even competitors all have their parts to play. However, the first line of defense in an organization is the cybersecurity team. On average, research shows security teams discover between 54 and 83 percent of breaches.
Put Your Team in Place
Let’s put this out there. Cyber hygiene is everyone’s responsibility. Each person who has access to your systems, including email, or conducts business on one of your devices is responsible for cybersecurity.
Train your employees. Make sure they understand their responsibilities and help them cultivate a security mindset by:
- Creating and maintaining strong passwords, and not sharing them with anybody.
- Performing necessary backups of all key data they manage.
- Being on the lookout for suspicious email scams.
- Practicing caution when visiting websites to ensure they are safe and secure.
- Monitoring systems and notifying the right people if they come across something suspicious.
In addition to making every employee aware of how to protect themselves and the company from cyberattacks, another best practice is to identify and appoint someone to monitor and manage your organization’s cyber hygiene. That way, they can provide an overview of everything cyber and digital happening in your organization. Big-picture views make it easier to prevent and detect issues.
Keep Your Friends Close
Think about your key business partners—your vendors, suppliers, and even your clients and customers. What are their cyber hygiene practices? Some organizations are more advanced in their cybersecurity practices, while others do not have protective measures in place. It’s time to have the conversation. According to the Marsh & McLennan 2020 Cyber Handbook, many firms are operating in complex supply chains that expose them to the weaknesses in other companies that may not have the same focus on cyber risk management. Hackers look for the weakest link in the chain.
It may feel awkward, but it’s important to talk with your partners and vendors about cyber hygiene. They value their relationship with you. The last thing they want is to damage your, and their, systems because they don’t have the best cybersecurity measures in place. If something happened to their systems because of a virus that originated from your systems, you would probably feel awful. It’s the same for your business partners.
Practice more than just “perimeter security,” which refers to protecting the walls around your own systems. It sounds harsh, but a zero-trust approach will protect you and your partners because it doesn’t assume that a company can assure safety within the confines of its own “secure” network. It’s not personal. A zero-trust approach places control around the systems and devices themselves, providing greater visibility into the whole chain and taking into account the impact each system can have on another. It looks at the chain, both inside and outside the company’s walls. The security chain is only as secure as its weakest link.
Turn the Tables: Use the Three-Pronged Approach
A good strategy can help you achieve your cyber hygiene objectives of protecting your systems, preventing attacks, and helping you quickly recover should an attack occur. Even the smallest organizations can adopt this basic three-pronged approach that helps measure risks, while monitoring and managing threats.
Prevent: Put every tactic in place to prevent cyberattacks. There’s no silver bullet, but the resources previously shared will do the trick and prevent many types of attacks.
- Who should you be watching? Monitor any suspicious activity.
- What can you control? Think passwords, security measures, and antivirus software.
Detect: Use the resources to find the threats before they get to you.
- Adopt steps to identify threats and stop them before they happen.
- Respond in a timely manner; early detection of a threat can make all the difference.
React: If you detect a threat or attack, you have to be able to respond to it. Plan your response.
- Let people know about the threat/attack.
- Perform any necessary updates after the threat is eliminated.
It may seem like a lot, but the resources we’ve shared can help tremendously, and the effort put in now can have large payouts later. Still, you can never let your guard down. Watch for updates and alerts released by the manufacturers of your systems, applications, and devices. Make sure someone is monitoring for cyber threats, both internally and externally. Threats can originate from many places, not just your systems and applications. Vigilance goes beyond just what you can control.
And don’t forget about social media. It’s another way for hackers to gain access. Be sure to use all security measures offered by social networks. Reinforce the importance of responsible social networking to your employees, especially if they do it on their work devices. Plus, social channels can serve as a resource to learn about the latest cyber threats. Education is your best defense.
Cyber Hygiene Is Your Business
Who isn’t looking for a competitive advantage? Make cyber hygiene and cybersecurity yours. Make your business, your site, and your systems the place where customers, employees, and partners know they are protected. Use cyber hygiene to strengthen your business and reputation.
As a business owner and leader, you have lots of responsibilities. Cybersecurity has to be a top priority, because the risks and costs are just too great. Ignoring cyber threats will not make them go away. It’s easier to prepare for them now than to deal with the repercussions later.
We have shared several resources and tools to get you started with strong cyber hygiene. And there’s more out there. Don’t hesitate to seek expert advice.
Sum It Up
Cyber threats and attacks are part of life and business. It’s your business to protect your business. Set up protections for your systems and email. Emphasize this to your employees. Encourage training and education so they are in the best position to spot cyber threats before they attack. Practice for it. Put a plan in place so everyone knows what to do when something bad happens. Empower them so they are in the best position to protect your business. Set up a strategy. Put someone in charge. Stay vigilant and make cyber hygiene your competitive advantage. Your business depends on it.
Interested in exploring more cybersecurity-related information? Check out the Cybersecurity Learning Hub on Trailhead.