And vulnerability to cyber attacks is among the top CEO concerns today. Kip Boyle, founder and CEO of Cyber Risk Opportunities in Seattle, and former cyber security consultant at Stanford Research Institute, offers 5 tips to reducing your vulnerability to cyber crime.
1. Update, distribute and get signatures on Acceptable Use agreements. “Make sure your agreements cover all company-issued devices, not just desktops and laptops. List all the devices your company distributes to employees. Update and distribute the document. All employees need to sign this agreement and keep it up-to-date. Updates should be done annually.”
2. Continuously update software. “The number one threat everyone faces are the flaws in the software you’re using. Attacks can often be prevented by quick installation of vendor-provided patches. It isn’t just installing Microsoft patches, but installing patches for every software vendor.”
3. Encrypt all data. “Most products have encryption built in; you just have to turn it on. The belief that encryption slows performance is a myth. It might have been true years ago, but not any more.”
4. Use ad-blockers. “A common way attackers sneak malicious code onto your device is through ads that appear on legitimate websites. These ads are full of malicious codes. You don’t have to click on anything to be infected; visiting the site is enough. Installing ad blockers should be part of your end-point security strategy.”
5. Set and communicate email response policies. “People like to be helpful, and will try to comply with requests made by email that seem legitimate. Set a value threshold pertaining to email-only requests, and require additional validation for amounts above that threshold. Let employees know they won’t be penalized for slowing down operations when they comply.”
The biggest advantage you can give your company against cyber attacks is to raise awareness of cyber risk. Emphasize that each employee is the first bulwark against hackers, and prioritize the flow of information on cybersecurity across your organization, not just the IT department.