Top 10 Cybersecurity + IT System Practices to Implement in 2021
For most organizations, a new fiscal year begins with looking at potential opportunities, challenges ahead, and lessons previously learned. Reviewing your information technology (IT) systems is an important practice for your business. The past year brought many technology changes from a remote workforce to enhanced cybersecurity best practices and the need for additional communications capabilities. Evaluating your IT systems now can better prepare your business to adapt and find continued success.
We’ve created our Top 10 list to ensure your IT systems are ready to support your business.
1. Use Multi-Factor Authentication
More than ever before, Multi-Factor Authentication (MFA) is an important security method adding an extra layer of protection to every business. Adding that second step makes it significantly more difficult for cyber-attackers to access your data. When combined with a complex password, your business will be better prepared to prevent security vulnerabilities. With so many employees working remotely, a good defense is having multiple methods of authentication in place.
2. Review Your Password Policy
Cybersecurity and hacking attempts have dramatically increased due to many employees working remotely. A strong password policy is one way to protect your company from unwanted hackers accessing your employee’s email accounts and other important software using that same email for login. We recommend a password of 14 characters with complexity, including special characters and numbers.
If your company has a strong password policy, have your IT department review all employee accounts to ensure they comply with your organization’s documented policy.
3. Train on Cybersecurity Awareness
Enabling your employees to recognize common and obscure cyber threats can benefit your organization and its overall security. Human error accounts for a large percentage of all data breaches, and ongoing training will educate employees to be on the lookout for threats. A common solution is regular training for your team to prepare them for phishing, ransomware, and other security concerns. Annual training as part of the new hire onboarding is a great way to reach new hires and make sure current employees are familiar with the cybersecurity best practices.
4. Take an Inventory of Hardware and Software Currently in Use
We advise our clients to maintain an accurate list of all company-owned hardware, including computers, printers, servers, and firewalls, to ensure a replacement schedule is considered and equipment with an expired warranty is budgeted for the next fiscal year. With software, you might consider reviewing each software application and determining if it is still providing value for your company.
Managing employee access and individual permissions to different software is another important security measure. Do you have former employees who still have access to your company information? Have their login credentials been disabled or removed? We recommend starting the New Year with a review of your applications and user access as part of your IT review.
5. Complete And Accessible Data Back-Ups
Today, many organizations use cloud-hosted solutions for applications, while others have company data stored in their corporate environment. Annually testing your data back-up and restoring it to review your systems’ accuracy and completeness is a great way to confirm your business is prepared to act if needed. The new year is also a good time to review your data back-up schedule to ensure it meets your business needs.
6. Review Your Network Monitoring Tools
With remote work on the rise, your corporate network has now likely been extended to your employees’ homes, opening up potential new vulnerabilities. Network monitoring tools may reveal security concerns to address in the future. If your network is not being monitored, now is the time to consider a greater focus on security or ask your current IT provider to explain the measures in place for keeping your network secure.
7. Test Your Disaster Recovery Plan
Every organization should have a documented disaster recovery plan. The New Year is an excellent time to review the plan and test the execution. For example, if your company lost access to the physical building where your servers are located due to a fire or flood, how quickly could you be back up and running? Take time to make certain that everyone understands their role in the company disaster recovery plan and what systems are identified as a priority to continue operations.
If you do not have a disaster recovery plan, now is the time to create one.
8. Review Your Endpoints
Antivirus software is one of the most effective tools for endpoint protection. While no antivirus software is 100% effective, having a system to detect and prevent attacks can exponentially increase your business’s security level. Updating endpoints, or creating a plan to do so, should be part of an annual systems review.
9. Cybersecurity Insurance
Most commercial insurance policies today have some form of cyber insurance coverage for businesses. Regardless of when your annual renewal for commercial insurance occurs, being prepared to respond to the cybersecurity risk questionnaire may take some time. If your business cannot answer yes to most of the questions, you may be paying more in premiums for your cyber coverage. One way to be prepared is to review last year’s cyber risk questionnaire and identify areas that may need attention for 2021.
10. IT Budget Planning
A common challenge organizations face is budgeting for IT hardware and software needs and any outsourced services. As a place to start, consider the hardware and software being replaced or upgraded and any additional user licenses needed for new employees. With the data security landscape changing, other infrastructure requirements, like firewalls, may also be on the list.
Looking Ahead with Aldrich Advisors
For any organization, these 10 best practices will help you start the year with a pragmatic approach to managing your information technology needs. Is your business ready? If you have questions, let’s talk.