October is Cybersecurity Awareness Month, making it a great time for companies to “audit” their cybersecurity practices.

Here are some ideas to consider in becoming prepared for a cyber attack.

Understand your risk

The Keeper Security’s 2019 SMB Cyberthreat Study released in the summer found that 43% of all attacks are against small and mid-sized businesses.  Yet 66% think it unlikely that they’ll be attacked. The numbers tell the story.

You need to understand the likelihood is high that you’ll experience some cyber attack (I did earlier this year). And you need to understand what’s at stake.

Your data are valuable assets for your business. Be sure to understand how important it is to protect:

• Customer lists
• Price lists
• Trade secrets
• Unpublished financial information about the company

If you’re attacked, you can be exposed to legal and financial consequences. Plus, it’s going to take time and money to recover from such an attack.

Educate your staff

The front line of defense in the war against cyber attacks is a knowledgeable staff. Yet fewer than a third (only 31%) of employees have cybersecurity training, according to the Chubb Cyber Risk Survey 2019. Take the time to explain company policies to enhance security (don’t assume employees already know). Norton suggests the following 10 best practices:

1. Protect company data. Make sure employees don’t share confidential information.
2. Avoid pop-ups, unknown email, attachments, and links. These can lead employees to bogus senders that wind up infecting your systems with viruses or malware.
3. Use strong password protection. At least 10 characters (upper and lower case, numbers, and symbols) are recommended.
4. Connect only to a secure Wi-Fi. This is explained below with VPN.
5. Enable firewall protection. This should be done not only at work but also at the employee’s home to block unauthorized users from accessing company information.
6. Invest in security systems. The cost of security protection to prevent an attack to the extent possible is considerably less than the cost of recovering from an attack.
7. Install security software updates and back up files. Keep your systems up to date with the latest software changes. And back up data for easy recovery if you experience an attack (such as ransomware).
8. Talk to your IT department. Be sure to stay informed by your department of threats and reach out when any problem is detected. If you’re too small for such department, be sure you have an IT expert in your contact list for fast communication.
9. Employ third-party controls. Unfortunately, data breaches often come from within, so consider limiting employee access to information.
10. Embrace education and training. Having a policy in place is only half the solution for your employees’ role in cybersecurity; you need to train them on these best practices.

Workable offers a template that you can adapt for your company’s cybersecurity policies.

Use a VPN

A Virtual Private Network (VPN) is a private network on a public internet connection that gives you online privacy and anonymity. With a VPN, you get secure and encrypted connections and your Internet Protocol (IP) address is untraceable. Without a VPN, your private data can be exposed to hackers. This is especially true when you or your employees use unsecured Internet access at their homes, coffee shops, and airports. You can learn more about VPN from Norton.

As Norton recommends, VPN should be on all your devices: desktop computers, laptops, tablets, and smartphones.

Final thought

Sun-Tsu in The Art of War said:

“Don’t depend on the enemy not coming; depend rather on being ready for him.”

That says it all!