Autumn is upon us, and the month of October is National Cybersecurity Awareness Month. Cybersecurity is costly, especially for small companies and not-for-profit organizations. We are all aware that this is a year-round issue, but in honor of this month in particular, we thought we’d provide five low- or no-cost steps that can be taken to help protect your company’s data:

• Know email scams and warn others.

Individual people are usually the weak link in the cybersecurity plan of an organization. We all know not to give personal information like checking account numbers and social security numbers to someone we do not know, but be aware of new schemes, such as the recent scam that emailed official-looking IRS documents asking for payment of taxes due, including a payment link. Always be suspicious of these unexpected emails.

• Maintain a strong connection with your IT professionals.

Your IT team can help prioritize which information and systems are most important, and balance the cost of security for that information against needs for current operations.

• Stay on top of free updates and upgrades.

Research has shown that there is one defect for every 2,500 lines of programming code—not malicious, just human error. These defects are used by cyber criminals to break into systems, and many busy users fail to take advantage of software corrections provided by vendors. Use updates on computers, smart phones, and other devices used by your business and employees.

• Adopt a stronger password policy.

Can your password be found in the dictionary, or is it the name of a child, pet, or spouse? Chances are it is not secure, unless you take some special precautions such as substituting special characters or numbers for the letters. Changing passwords is inconvenient, but it is a free and simple way to protect data. Businesses with good password policies include procedures for how often to change passwords, where to store them, and guidance for creating strong passwords.

• Develop a plan.

Businesses need to create a planned response to potential cybersecurity attacks. Who is the cybersecurity point person? Who outside the office needs to be notified of the breach? If you conduct practice exercises, your key people will understand their roles, and modifications can be made to your plan. Update your plan when new threats arise; there is no such thing as being over-prepared for cybercrime.

For answers to more questions, or for more tips on creating a cybersecurity plan, contact a Mierendorf representative at (616) 784-4445.