How to maintain cybersecurity during a business transition

cyber threats

Companies experiencing a significant change — such as a leadership transition, shift toward remote work, or high turnover period — should consider updating their cybersecurity policies. New working conditions can put businesses at increased risk of data breaches, so looking for and addressing security gaps is a good idea. Here are 20 ways to protect a company during tumultuous times.

1. Use Strong Passwords

Strong passwords are one of the simplest yet most effective ways to protect a network. Employees should create long, complex passwords containing a mix of uppercase and lowercase letters, symbols, and numbers. Longer passwords are statistically harder to crack.

One way to create easy-to-remember passwords is by coming up with a phrase. For example, the sentence, “I think my dad is number one in California!” could become “Itmdi#1iC!” which appears random and contains several unique characters. A password manager is another easy way to generate and store complex passwords.

2. Conduct Third-Party Risk Assessments

One major business transition involves switching third-party vendors. However, 92% of surveyed U.S. companies have experienced a cybersecurity breach originating from a vendor, often due to carelessness. That’s why evaluating third-party vendors’ security posture is crucial.

Enterprises should conduct risk assessments that evaluate the potential cybersecurity threats a vendor poses. Does the company have a history of data breaches? How did it handle past incidents? It’s also wise to look for ongoing legal cases or complaints against third parties.

Then, the business can take steps to mitigate these risks, either by discussing them directly with a third party or by finding a new vendor. It’s vital to continually monitor these potential third-party risks because a vendor’s security measures can change over time.

3. Install Firewalls

A firewall is an integral security program that monitors and controls network traffic. It can block unwanted traffic, react to threats in real-time and analyze a breach after it occurs. The data it gathers help prevent future network threats.

4. Implement Access Controls

Few employees need access to every file whenever they please. Access controls require people to have admin privileges to open, view or edit certain documents.

Timed access controls automatically log employees out after a certain amount of time. Another type of limited, temporary access is the use of one-time codes along with passwords.

The most effective access controls use a continuous adaptive trust policy. That means they use contextual information about user status, time of day, device type, and data sensitivity to estimate risks and manage access.

5. Conduct Background Checks

A business transition often involves hiring new staff members. It’s crucial to conduct background checks during recruitment to identify any red flags — such as a history of criminal activity — that could indicate a potential threat to the company. A clear record isn’t a failsafe but a good place to start.

6. Back Up Files Regularly

Having copies of essential documents on a hard drive or the cloud is vital in a network breach. Business managers should enable auto-backups to streamline the process. Additionally, printing paper copies of files allows an enterprise to keep operating — at least on a fundamental level — during a network breach or power outage.

7. Be Civil When People Quit

Business transitions may entail many employees leaving the workplace, whether through quitting or being let go. Even if a relationship ends on bad terms, managers should still be civil and professional toward people who leave. It lowers the risk of an accidental or deliberate data breach by a disgruntled staff member.

8. Close Employee Accounts

On an employee’s last day, employers should move quickly to deactivate their former accounts. Group chats, email accounts, and access to company files can pose cybersecurity risks to the business. Only current staff members should be able to access sensitive or exclusive business data.

9. Perform Regular Updates

Updates can include patches that improve cybersecurity. Managers should always enable automatic firmware, software, and operating system updates. Additionally, they should ensure only people with administrative privileges can install new software on corporate computers.

10. Communicate Risks to Staff

Although it’s important not to alarm people, employees should be aware they’re in a period of heightened cybersecurity risk. Vigilance is key. Business leaders must convey to staff that the current transition presents security challenges.

11. Train All Employees

Employee training goes a long way toward preventing data breaches. All staff members — not just the IT department — should have regular cybersecurity training to ward off common threats.

For example, employees should be able to recognize suspicious email activity. They should know not to click on email links, disclose business secrets or give out their bank account info. Phishing and social engineering attacks may otherwise prey on people’s naivety to steal login credentials or put malware in the network. Staff members should also practice strong cybersecurity habits like logging out when inactive, using strong passwords, and not leaving company phones or tablets unattended.

12. Establish an Incident Response Plan

How should an enterprise respond in case of an emergency? Staff members should have a repeatable, standardized, and applicable plan to respond to cybersecurity threats.

To create a plan, businesses should evaluate their resources and capabilities. They should define their security plan’s purpose and identify any critical assets for which they are responsible. The document should make it clear everyone is in charge of monitoring and reporting suspicious activity.

13. Use a VPN

A virtual private network (VPN) makes an internet connection more secure by encrypting user traffic. This encryption makes it harder for third parties to view users’ online activities and steal their information. Businesses and governments of all sizes use VPNs to secure their online connections and protect against data interception.

14. Employ Penetration Testing

IT departments should hire white-hat hackers to test their network security. One of the primary services these ethical hackers provide is penetration testing, which has become a $4 billion industry in the United States. This test involves trying to break into a computer system just like a threat actor would, often revealing vulnerabilities the company must correct. It’s a proactive cybersecurity measure that can prevent future damage.

15. Use Account Alerts

Cybersecurity software can alert administrators when something suspicious happens. For example, logging in from a new location, on a new device, or at an unusual time can trigger an alert. Too many failed password attempts can also be a red flag. Although cybersecurity alerts are sometimes false alarms, it’s better to be safe than sorry when protecting business data.

16. Enable Multi-Factor Authentication

Also called two-factor authentication, this security technique requires staff to get a one-time access code on a secondary device before accessing a network. For example, when someone inputs their username and password to log into the company computer, their phone will receive a text message with a temporary access code. The code only works one time per login.

Systems that use multi-factor authentication (MFA) are notoriously hard to hack. A threat actor would have to breach the computer system, steal or remotely access someone’s phone, and crack the phone’s password to gain entry. Consequently, a 2021 survey found 48% of U.S. employers and 56% of U.K. workplaces implemented MFA after the pandemic.

17. Go Threat Hunting

Security teams should search enterprise networks for viruses and malware before a threat emerges. It’s akin to getting a regular checkup at the dentist — there might not be anything wrong, but early detection usually leads to better outcomes. Threat hunting can be automatic or manual.

18. Use Network Segmentation

This technique involves breaking a computer network into multiple segments called subnets, each acting as its network. Then, if a hacker tries to breach the system, they’ll only be able to access a small portion rather than the entire computer system. It’s much easier to deal with a breach on a subnet than the whole network.

19. Take Inventory

Business leaders should inventory all hardware and software, including routers, servers, switches, mobile devices, and Wi-Fi hotspots. Taking inventory allows security teams to identify potential vulnerabilities. Outdated infrastructure and legacy systems can create security risks for a network.

20. Update Security Plans

Cybersecurity risks are ever-changing. Businesses should adapt their security plans to change along with them, ensuring they’ll be ready for any threat. It’s a good idea to conduct penetration testing after changing a security plan to confirm that it’s foolproof. Additionally, business leaders should brief staff members on the changes.

Holding Steady

Transition periods can be risky for any company. But by protecting sensitive databases, businesses can be better prepared to handle potential security breaches or even prevent them in the first place. Practices like installing antivirus software, training staff members, and using strong passwords go a long way toward securing data.