October is Cybersecurity Awareness Month, so it is a good time to make sure your firm and its employees are prepared, with documented security policies and procedures and the best practices to back them up. Risk mitigation protects both the firm and its employees from skilled attackers. Data breaches continue to wreak havoc on businesses, and their cost keeps rising: according to the Ponemon Institute, the average total cost of a data breach is now $4 million, up from $3.8 million in 2015. Attackers have a lot to gain, while your firm bears the reputational and operational harm.
While company-wide policies should reflect ongoing expectations and corporate best practices, they should also include tactical recommendations that employees can follow day to day to comply with the company's overall risk strategy. To get started, here are a few pieces of advice we offer our investment firm clients. Remember to tell employees not only what to do, but also what not to do.
What to do:
- Be smart when browsing/surfing the Internet or clicking links
- Lock your computer and mobile phone(s) when you leave your desk and/or office
- Be careful when entering passwords in front of others
- Create and maintain strong, unique passwords and change them every 60-90 days (we recommend a combination of lowercase and uppercase letters and special characters; note that current NIST guidance in SP 800-63B favours longer passwords and a change whenever compromise is suspected over a fixed rotation schedule)
- Change your password immediately if you suspect that it has been compromised
- Report suspicious activity to the IT team or CSIRT promptly; early reports help minimize cyber risk
- Protect personal computers and devices used for remote work with anti-virus/anti-malware software, and keep it current
What not to do:
- Share your login ID or password with others
- Use the same password for every application
- Store passwords on a piece of paper or other easily accessible document
- Open emails or attachments if the sender is unknown or suspicious
- Fall for phishing attempts, which can arrive via email, phone, instant message, SMS or social media
- Send information such as login IDs, passwords, Social Security numbers, account numbers, etc. via unencrypted email
- Leave your laptop or mobile device unattended in a public place. Lost or stolen equipment, including mobile devices connected to the corporate network, should be reported immediately
- Leave files containing personal or confidential information open on your desk or in an unlocked file cabinet when away from your office/desk
- Install unauthorized programs on your work (or home) computer
- Plug in personal devices without permission from IT
Photo Credits: Wikimedia Commons
Editor’s Note: This article has been updated and was originally published in July 2014.