Best Practices for Managing Cybersecurity Threats (Part 1 of 3)
Businesses large and small face cybersecurity threats daily. To help manage the risks, we'd like to offer some prevention and response tips to use in addition to purchasing cybersecurity insurance.
In Part 1 here, we start with passwords and multi-step authentication, then cover personnel management precautions and processes for protecting a business's cybersecurity. In Part 2, we recommend some internal procedures an organization can adopt preventively to mitigate cybersecurity risks. In Part 3, we suggest some IT-related measures that will reduce cybersecurity risks, and a response plan for a cyber incident. Please note that our recommendations are not exhaustive lists; please think of other measures to add to them.
1) Passwords and multi-step authentication:
A company should have a system in place for training everyone on the use of passwords, covering practices such as the following:
- Provide every person in a company with an individual account with a unique username and password.
- Always create strong passwords. Use a company password manager.
- Do not reuse passwords.
- Do not use the same passwords for both personal and company accounts.
- Never share passwords online, unless the communication is encrypted.
- Never store passwords in any place where they can be stolen.
- Do not let the Internet browser remember passwords.
- Change passwords 4 times a year, every quarter.
- Change default usernames or passwords for computers, smartphones, etc.
- Always use multiple authentication methods throughout the company.
2) Staff Management:
- Background check key personnel, such as executives, finance personnel, IT staff, and anyone with administrator access.
- Do not give admin privileges on computer accounts to employees who are not in key positions.
- Do not provide any one person with access to all systems and data containing a company's vital information on personnel, finances, sales, inventory, manufacturing, etc.
- Give personnel access only to those systems and the specific information necessary to do their jobs.
- Computers that handle sensitive information for payroll, point of sale and other key functions should be kept apart from computers used for non-sensitive work.
- Upon an employee’s leaving the company, immediately disable and purge his/her user account.
To be continued.
Rick Callaway's team at Pacific Diversified always goes the extra mile to protect businesses, their properties, employers and employees. We focus on insuring commercial real estate such as office buildings and multi-family dwellings, apartments, restaurants, hospitality businesses and senior housing. We offer cybersecurity insurance to all companies, as well as general liability insurance. Please call 925 788 5558 for an appointment, or email: rcallaway@pdins.com
CA Insurance License # 0K07568