Q&A with Peggy Kitzmiller, Aldrich Technology: The Importance of Cybersecurity & How to Protect Your Business
So, you’ve gone through all the steps, working hard to get your business up and running, finding some great employees, hiring dedicated HR support…wink, wink. But what if we told you that could all be for naught if you’re missing one crucial piece?
That missing piece of the puzzle is cybersecurity. We know this topic can be a little confusing and nebulous (even for us), so we reached out to the experts for some help. We did a Q&A with Peggy Kitzmiller, Managing Director at Aldrich Technology, to learn more about the importance of cybersecurity and how to make your business that much more secure.
Here’s what we learned:
Q: How would you explain cybersecurity to someone who isn’t as familiar with tech?
A: Most people think of cybersecurity as protecting our computers from the “bad guys.” Effective cybersecurity protects you from the “bad guys” as well as from accidents caused by “good people.” To be effective, cybersecurity should be designed to be holistic, layered, and most importantly, aligned with your culture and business objectives.
Cybersecurity protects a company’s network, computers, mobile devices, and information from unauthorized access or criminal use, and therefore protects your customers, employees, and vendors. The practice of cybersecurity also ensures the confidentiality, integrity, and availability of the information a business needs to operate. Cybersecurity is often referred to as IT security.
Q: In your opinion, why is cybersecurity important for businesses?
A: Good cybersecurity practices protect business owners, customers, employees, and vendors. Without good cybersecurity practices, a business is opening itself up to reputational, financial, and operational risks. Additionally, having good cybersecurity practices allows a business to be eligible for cybersecurity insurance which is increasingly more difficult to obtain.
It all begins with people. People are the ultimate victim, the source of the problem, and the most likely to be able to thwart cyberattacks. Start with a strong cybersecurity policy that is aligned with the culture and processes in which your people engage. This should include important areas such as how employees handle company information, how data is stored and protected, and employee security awareness training. Then you can address strong passwords and other security protocols and security technologies.
Q: What is the biggest risk to a company when its cybersecurity is weak?
A: The most likely hack and the hack that poses the greatest risk to the business are two different things. The most common hack today is having a hacker access someone’s email account and act as that employee to initiate financial transactions which could be devastating to the company. The highest risk to the viability of the business is ransomware.
To reduce the vulnerability of your business, start with user awareness training. That reduces the likelihood of being “phished” and the human mistake of following the hacker’s guidance. Next, use strong passwords and multifactor authentication — this is the best current defense to protect email accounts.
To protect against ransomware there are several actions to take in addition to the three mentioned above. The top two would be outbound filtering (commonly called “BotNet” filtering) and offsite systems backups. Outbound filtering can stop ransomware from activating so your antivirus/antimalware programs can detect and remove the ransomware. Offsite, versioned backups of entire systems are a cornerstone of Disaster Recovery.
To reiterate, effective cybersecurity awareness training is the paramount defensive action. It is not possible to eliminate hackers or hacking attempts reaching the eyes of your people. Make sure they’re educated on how to recognize when they are being hacked and know how to promptly respond when they think they are being hacked.
Q: What are some tips for businesses to strengthen their cybersecurity?
A: There are seven cybersecurity best practices for every business:
- All employees should participate in annual security awareness training.
- A strong password/passphrase policy should be implemented, with a minimum of 14 characters and complexity (20 characters or more is preferable).
- Implement Multifactor Authentication for network access, all cloud services, all business applications, and infrastructure where available.
- All laptops should be encrypted using Microsoft BitLocker or another similar utility that stores the encryption keys centrally.
- All servers should have a backup/recovery mechanism in place for both files as well as the “server” (the latter is the first step in Disaster Recovery).
- All computers must be protected with antivirus/antimalware that supports centralized management.
- Security policies should be documented and well-organized.
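As an added illustration of the password/passphrase policy in the list above (example code written for this post, not something from Aldrich Technology), the following Python checker enforces the stated minimum of 14 characters and flags whether the preferred 20-character tier is met. The page does not define “complexity,” so the rule used here, at least three of four character classes (lowercase, uppercase, digit, symbol), is an assumption; adjust it to your own policy document.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Policy parameters from the post: minimum 14 characters, 20 or more preferred.
MIN_LENGTH = 14
PREFERRED_LENGTH = 20
# Assumed definition of "complexity": at least three of the four classes below.
MIN_CLASSES = 3

CLASS_PATTERNS = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


@dataclass
class PolicyResult:
    compliant: bool      # meets the mandatory 14-character + complexity rule
    preferred: bool      # also meets the preferred 20-character length
    reasons: List[str]   # human-readable reasons for non-compliance


def character_classes(password: str) -> Set[str]:
    """Return the set of character classes present in the password."""
    return {name for name, pat in CLASS_PATTERNS.items() if pat.search(password)}


def check_password_policy(password: str) -> PolicyResult:
    """Evaluate a candidate password/passphrase against the policy."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    classes = character_classes(password)
    if len(classes) < MIN_CLASSES:
        reasons.append(
            f"only {len(classes)} of {len(CLASS_PATTERNS)} character classes "
            f"(need at least {MIN_CLASSES})"
        )
    compliant = not reasons
    preferred = compliant and len(password) >= PREFERRED_LENGTH
    return PolicyResult(compliant, preferred, reasons)


if __name__ == "__main__":
    # Constructed sample inputs; do not reuse these as real passwords.
    for candidate in ["Tr0ub4dor&3", "abcdefghijklmnop",
                      "Password123456!", "Correct-Horse-Battery-1"]:
        result = check_password_policy(candidate)
        status = "preferred" if result.preferred else (
            "compliant" if result.compliant else "REJECTED")
        print(f"{candidate!r}: {status} {result.reasons}")
```

Run it directly to see each constructed sample classified as rejected, compliant, or preferred. The checker is meant for enforcement at account creation or password change; it does not replace the multifactor authentication the post recommends alongside strong passwords.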
While this last point probably seems obvious, cybersecurity should be talked about and examined regularly. It’s not a one-and-done topic. Unfortunately, hacking is the fastest-growing, most well-funded area of software development and computer technology research being done today, both by the hackers and the groups trying to stop them. It is a rapidly evolving aspect of IT and should be treated with equal urgency in businesses of all sizes.
We’d like to thank Peggy for her outstanding insight and for helping businesses stay more secure. Reach out to Aldrich Technology for your technology and cybersecurity needs!