Cyber security is a hot topic right now, and rightly so. Attacks are increasing, from automated “bots” to direct, targeted attacks. Hackers can steal data, hold data hostage for a lot of money, and/or use your online identity to scam others.
We do regular webinars on this subject. Here is a recorded version:
Many cyber attacks depend on getting into your password-protected systems. Passwords can be stolen, changed, found out, and even directly provided by cleverly fooling unsuspecting people.
So what is the #1 thing you can do to immediately improve cyber security?
Multi-factor identification, or MFA. A password is not enough for even you to get in to your systems. You must also push a button on your mobile phone to enter. If a request to enter your systems pops up on your phone but you are not currently trying to sign in, do no approve it. If you don’t push the button to let them in, hackers can’t access your systems using your password.
Our #1 cyber security recommendation is: get multi-factor authentication (MFA) on all your systems, and make sure no one is exempt.
What is MFA and how does it improve cyber security?
MFA is access security. When you log in, you must both put in your password and approve the login via an app on your mobile phone. This provides an extra layer of security because hackers don’t usually have access to both your password AND your mobile phone.
How much does MFA cost and how do I get it?
There are several different options, but here at Inderly we use the Duo app for multi-factor authentication. They have a plan that is free up to 10 users, with other plans ranging from $3-$9 USD per user per month.
Ask your IT firm or consultant for a quote to get you set up on MFA as soon as you can. If you are doing a cyber security review, here is some more information about other cyber security basics that you may want to cover with your IT provider.
The risks of going without MFA
Many of us have received emails saying something to the effect of “our databases were compromised, your information was exposed, we recommend you change your passwords.”
Hacking can is not only be costly in terms of your time and reputation, but it can have far-reaching consequences for your clients. Furthermore, it can cost you thousands of dollars in “ransom” fees if you don’t have working backups.
Having MFA in place for all your systems for all staff is an immediate, affordable step you can take to improve your cyber security.
After putting in place MFA, draft an incident response plan
In our view, cyber security means planning for failure. Plan for failure, and you will recover faster from a cyber attack.
Put in place an incident response plan before a cyber attack occurs. Work with your IT provider to think through:
- How will you identify a cyber attack, stop an attack, and recover your data?
- Who will develop an incident report?
- Will you know who breached your data, and where and when this occurred? How can you prove it?
- Do you have cyber security insurance and if so, what does it cover?
- What are timelines and guidelines for reporting to your clients, and other stakeholders impacted by a cyber attack?