Almost a year ago, SecurityIntelligence wrote an article predicting that cybersecurity would be a big issue in the 2016 presidential election—and oh, how right they were. The issue came to the forefront in June when hackers compromised voter databases in Illinois and Arizona; while reports said no history or information was erased, the hackers did access voters’ driver’s license numbers and the last four digits of their Social Security numbers. A mere month later, the DNC was hacked, and the 20,000 highly-sensitive emails posted to Wikileaks provided bored citizens with hours of cynical enjoyment. Post-attack, POLITICO reported that the DNC was forming a cybersecurity advisory board to prevent a breach of that magnitude from ever happening again.
Though these cybersecurity issues became the punchline of a weird joke with Trump’s references to a 400-pound coach potato hacking the DNC, the issues they revealed are frightening ones: out of date databases, increasingly sophisticated hacking techniques. Aside from remembering to update your business’s security system more than only every election cycle, organizations can use these issues as a much-needed wake-up call. Here are six key takeaways for companies worried about cybersecurity.
Update Your Operating Systems on the Regular
Take a long, hard look in the mirror and ask yourself this difficult question: seriously, how old are the applications and operating systems that your company uses? Some organizations use versions of software applications dating back five years or more, meaning that all their security precautions were built around older technology. Unsurprisingly, many of these systems pre-date the sophisticated hacker and malware models that currently exist. Even when companies implement security parameters, hackers can circumvent databases because many operating systems lack the complexity to prevent this sort of infiltration. Update early. Update often.
Implement Mobile Security Beyond Password Protection
Don’t forget to secure your phones, too. Aside from keeping your mobile systems up to date and using secure passwords, employees can also have their IT department enable remote wiping—thus, if a phone is stolen or compromised, the company can wipe sensitive data in minutes. And just like computers, mobile phones can also benefit from encryption software, so that hackers who attempt to access files or emails on your phone won’t be able to make sense of a thing.
Take Time to Train Your Team on Security Issues
Knowledge is power! Hold a brief biannual or quarterly employee training session on security. Remind your teams to utilize their filters, train SPAM folders to identify suspicious emails, run virus updates on their computers regularly, and never open attachments on emails from an unknown source. Feeling ambitious? Take a note from the DNC and form a miniature cybersecurity advisory board from your IT department’s best and brightest. It might sound overprotective, but an ounce of prevention is worth a pound of recovering-from-a-hack.
Utilize Admin Settings
With so many employees working remotely, a company’s data is obviously remote, too. While employers may not want to start a culture of distrust, unmanaged admin settings are one of the biggest IT security threats that organizations face today. Think your business is too small to worry about things like that? Research shows that 71% of cyber attacks occur at businesses with fewer than 100 employees.
Take Advantage of Your IT Department’s Know-How
Digital Guardian recommends that IT departments take full advantage of browser add-ons and extensions to prevent users from clicking on malicious links. Two-factor authentication is another best practice that blocks hackers from gaining access to a user’s credentials even after compromising access. When it comes to security, layered passwords and systems are one of the best defenses. Is this information the sort of thing that makes your employees’ heads spin? Ask a shining star from IT to walk the office through it.
Get Smart About Phishing
Marble Security CEO, CTO, and chairman Dave Jevans says that users can leverage phishing attempts to their advantage. For example, businesses can construct a blacklist system for employees who suspect they have been victims of phishing. When individuals report the attack and route it to IT, IT will filter it and add it to a blacklist that protects employees both in the office and outside of it, on their computers and on their mobile devices. It’s like the stop, drop, and roll of cybersecurity attacks.
These election security issues may be playing out like a comedy of errors, but that doesn’t mean it has to be the same for your business. With some presence of mind, a proactive attitude, and a constant eye for updates, you can rest easier at night, knowing that your company is secure.