Recently, former Pennsylvania Governor and first US Secretary of Homeland Security, Tom Ridge, spoke during a Lancaster Chamber “Wake Up to the Issues” Forum about the alarming lack of urgency among our nation’s leaders when it comes to cybersecurity. Ridge, who is an established authority on cybersecurity, maintains that we are engaged in an all-out cyberwar, and because politicians are slow to act or take threats seriously, businesses and government agencies themselves are perpetually in danger of devastating attacks.
So, how can businesses protect themselves in this cyberwar? Constant vigilance and understanding the sophistication of the “enemy” – hackers and cybercriminals from around the globe – is key. However, there are also many practical tools and routines that you can employ right away to better defend your business and even become a true “cyber warrior.”
The “fifth dimension of warfare”
Tom Ridge’s talk at the Chamber forum was not an anomaly. He has spent significant time traveling around the US in recent years hosting cybersecurity panels and speaking about the subject to large audiences of industry experts at conferences and other events. He refers to the current cyber threat landscape as the fifth dimension of warfare and has been quoted as saying, “We have been engaged in a fifth-dimension war, a cyberwar. No one has asked Congress to declare war, but every minute of every day and every week of every year, our adversaries are looking to disrupt, destroy and steal from us.”
While cyber warfare is surely a national-level security threat, here in Pennsylvania, it’s also been proven time and again that our state government has not understood the risks Ridge is seeking to raise awareness about. Just this past summer, a breach in the Pennsylvania Department of Human Services prompted renewed calls for cybersecurity legislation. The bill would empower officials to bring cybersecurity standards up to date in the Commonwealth and better protect citizens’ privacy.
Awareness is taking hold
While Ridge contends that government is slow to act on protecting our nation’s cybersecurity, awareness of risks and threats has been spreading rapidly among business leaders and individual technology users. This could actually be the result of high-profile, government-backed initiatives like the Department of Homeland Security’s annual National Cybersecurity Awareness Month which has been taking place each October since 2004 (during Ridge’s tenure as DHS Secretary).
The goal of National Cybersecurity Awareness Month has been to promote the fact that cybersecurity is every citizen’s responsibility. Throughout recent years, this message has begun to take hold, especially as more and more people have been personally affected by data breaches at big companies like Equifax, Target, and Facebook.
Of course, actually “doing” cybersecurity in our everyday lives can seem extremely difficult or expensive. But, it doesn’t have to be.
How to protect your business every day
Regardless of government action (or inaction), as a business owner, you need effective strategies and tactics to protect your company’s data, technology resources, and financial security now.
Per Tom Ridge, this comes down to maintaining proper “cyber hygiene.” He told the Lancaster Chamber audience that, “Nothing is more dangerous than poor digital hygiene. Cyber risk can be managed and must not be ignored.”
But what constitutes good digital hygiene, and how do you manage those risks day-to-day? Ridge emphasizes investment in proper response and recovery protocols and for employees to be educated on cybersecurity best practices. He doesn’t usually talk too much about tactics, but that’s what your friendly neighborhood IT services provider is for! Let’s take a closer look at a few of our best recommendations that you can get to work on right away.
Practice good digital hygiene with these tactics
1. Have a reliable backup system in place to protect your business data
As we’ve often discussed here on the blog, the need for a strong, off-site backup system for all of your business data cannot be overstated. This supports Tom Ridge’s calls for proper recovery protocols. Plus, if you do experience a data breach, having backups may mean the difference between being able to recover quickly or losing everything. It is possible to avoid falling prey to a data disaster.
2. Keep your systems up to date with the latest patches and antivirus software
Several recent industry surveys have suggested that about 10% of PC users have no anti-malware or antivirus protection installed. That may sound like a small number, but that amounts to millions of computers that are completely exposed to even the most basic threats lurking around every corner online today.
While it’s probably true that your business computers and other internet-enabled devices have some type of protection installed, did you know that these programs need to be actively updated on a regular basis to remain effective? If it’s been a while since you’ve updated your operating system or your antivirus software, you may be at just as much risk as that 10% of users with no protection. Find out if you may have a virus now and not even realize it.
3. Use strong passwords
While you may laugh when we tell you that “password” is not a secure password be honest – do you have one or two “go-to” passwords that you use across all of your accounts? Many cybersecurity experts today believe that no password is actually secure, of course, but creating unique combinations of words or phrases that incorporate numbers and symbols is much better than using something like your birthdate or your dog’s name.
Better yet, begin utilizing two-factor authentication to access particularly vulnerable accounts.
4. Educate yourself and your employees on how to browse the internet safely and spot phishing attempts
Your employees and your business’s management team could be a cybersecurity liability without proper (and ongoing) training and testing. But with training, they could be a fantastic asset for keeping your data and systems safe. Whether you like it or not, these individuals are on the front lines of the ongoing cyberwar, and they need to be equipped to fight for and defend your business.
Learning what phishing and social engineering scams look like and knowing how not to be victimized is a major part of preparing for battle.
5. Have a Managed IT provider actively monitor your network for failures, vulnerabilities and security breaches
If you’re reading this post and wondering who in your business has time to do all this work on top of their actual day-to-day job, it may be time to consider outsourcing your IT services to a Managed Services Provider, or MSP. These IT providers are proactive and assure that your systems and software are up-to-date and secure, so you can spend your workdays focusing on making your business successful instead of just keeping it out of harm’s way.
It’s true that instituting good cybersecurity practices in your business may require shifting some priorities and changing your company culture, which can be akin to moving mountains. Luckily, you don’t have to go it alone.
When you contract with a Managed IT provider like EZComputer Solutions, you get more than just active monitoring and a quick response when problems occur. You get a technology partner who is dedicated to fighting the ongoing cyberwar alongside you. If you need help securing your Lancaster-area business’s vulnerable data and technology resources, get in touch with us today.