Moving Words – Cybersecurity
Timothy Brady
“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.” – Stephane Nappo
The moving industry is no less vulnerable to cyberattack than any other industry. All you need to do is look at the industry’s dependency on the internet to conduct business. While having the benefits afforded with so much of your operational infrastructure based on the internet, each time an employee, contractor, vendor, customer has access to your servers and IT components, there’s a vulnerability which needs to be addressed.
According to research by FireEye, a CyberSecurity Company located in Milpitas, CA, 27% of participants characterized their cybersecurity as semi-formal approaches where
efforts were mostly compliance-driven and focused on addressing mandatory regulations, while 24% saw their programs as informal where the primary focus was addressing critical issues as they occurred.
Globally, 23% of organizations reported formal security programs with a broad, risk-based focus supporting continuous optimization of processes and approaches, compared to the U.S. (41%) and China (38%).
Only 19% of organizations identified their security program as strategic with intelligence data driving investment decisions, operational priorities and other critical cybersecurity factors.
Overall, 7% of organizations indicated they did not have a cybersecurity program at all. In Canada, this response jumped to 18%.
Your firm’s stats likely fall somewhere in one of these ranges. What’s the best response to wondering if your moving company could do better? Here are seven recommendations which can help secure your networks:
1. Educate and empower your employees
Employees are the most vulnerable part of your whole cybersecurity infrastructure. Research shows most Americans don’t understand digital technology, let alone cybersecurity. The lack of even basic digital knowledge makes it hard for average tech users to make the right decisions about how to protect themselves online or what data to share. Therefore, training and a comprehensive understanding of the digital basics are vital for protecting your company.
Employees are the human shield in the company’s firewall, and they need to feel empowered to take ownership of cybersecurity. Whether that’s noticing a coworker who writes down their passwords on a sticky note or questioning outdated and non-secure practices, people need to feel like they have a right to point out security flaws.
2. “Change your password” day
Many people don’t put enough creativity into their passwords. It’s shocking, but the most common ones are still ‘12345’ and ‘QWERTY.’ To make it worse, many people also recycle their passwords and use the same ones for their business and personal accounts. A ‘change your password’ day once a quarter or every six months would be a good way to encourage employees to think about strong, complex passwords. Another good idea is to use a password manager and train your employees on how to use one.
3. Accurate list of inventory and accounts
Make sure you have the most up-to-date inventory and account list. Then review it – are all of those in use and actually needed? Many employees receive dozens of accounts for various tools and then never use them. Such unattended accounts can leave security gaps as no one is checking for suspicious activity. If the account is not being used, delete it.
4. Have backups and test them
While it’s fairly common to have backups, some companies forget to test them. Then, when push comes to shove, they wonder why it didn’t work. Make sure to test your backups and do it frequently – perhaps schedule them for the whole year in advance.
5. Legislation and its impact
Although the most famous and most struggle-inducing was the General Data Protection Regulation law, industries such as healthcare, finance, or manufacturing have separate legislation concerning data and breaches. Review current and upcoming legislation and set up some time to understand your responsibilities. Also, create a roadmap to make sure you and your customers are complying with laws.
6. Use a Virtual Private Network (VPN)
Although your organization might use an intranet for private internal communications, more and more people are choosing to work from home or public places. In this instance, it is essential to use a VPN. It creates a secure encrypted tunnel between your employee’s device and the internet — or your company’s server.
7. Encrypt your files
You should start encrypting your company’s documents – whether they are stored on a computer or in the cloud. When you use file encryption tools, if hackers manage to steal important documents, they won’t be able to access their content. Moreover, the safest way to share your company files with clients or within the organization is by encrypting them first.
Cybersecurity – a part of everyone’s desktop nowadays.
Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.” – Chris Pirillo.
