It’s October! It’s hard to believe that in just a few short weeks, we will be celebrating in brand new ways the holiday season from Halloween to New Year’s. Soon, everyone will be virtually shopping for presents, looking up new recipes for holiday dinners and finding new ways to ring in the New Year. Right now, even more than previous years, everything is revolving around doing things virtually. Which is why I love that Cybersecurity Awareness Month is in October. In honor of Cybersecurity Awareness month and month 6 of the “new normal”, now is the perfect time to refresh, or learn (as the case may very well be), the fundamentals of cybersecurity.
So, what is Cybersecurity? Oxford defines it as, “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.”
A more detailed definition comes from consulting the Cybersecurity and Infrastructure Security Agency (CISA).“
That all sounds SUPER important, but what does that really mean? In a nutshell, cybersecurity is how people, entities, companies etc. defend digital information from falling into the wrong hands. Cybersecurity is the protection of payment information, customer information and intellectual property. Falling into the wrong hands could be anything from giving an employee too much access, having work information an open Wi-Fi or hackers getting into your data and using it for criminal activities. No matter how big or small, the activities should be watched out for.
So now that you know what it means, why is cybersecurity important? Every person and every organization that has digital information should engage in cyber security. Cyber security is important because digital information is ubiquitous. Even if you live in a bunker and have no social media, your digital information is out there because of everyday activities and needs to be protected. Cybersecurity is so important that there are laws and regulations about protecting that data so that businesses end up paying hefty fines for inappropriate practices.
Now that I have thoroughly frightened you, you are probably wondering what you can do to protect your business. Well, there a list of some things everyone can and should do immediately.
- Internet connection – make sure that your business internet is separate from the internet that is used by outsiders (i.e. customers and vendors). This can be solved by using a guest network for the outsiders. Make sure that both are password protected.
- Data – encrypt all your data, no matter where it is stored. If you use the cloud, make sure your cloud provider.
- Access – Periodically review who has access to the data and make sure that it is appropriate. Use the rule of “least privilege”. In other words, give the minimum access needed to do the job properly. If they need extra access for a specific task, give temporary access.
These are just some of the things that can be done immediately. There are plenty of things that can be done to further strengthen your cybersecurity posture, but they would require feedback, actions and continual monitoring from IT professionals. The main thing to remember is that cybersecurity is for everyone.