You’ve probably decided on your New Year’s resolutions at this point. Maybe you’re one of those who simply chooses a word to define your year. But what about your business? You’ve likely considered your revenue goals, but have you considered how you’re going to protect your business in 2020? There is a magical word – prevention. Here are eight cybersecurity actions you should take to protect your business in 2020.

  1. Identify your risks: If you don’t know where your risks lie, you cannot take steps to mitigate them. Go back to the basics. Consider what devices, processes or gaps your company might have.
  2. Review and test your backups: It is essential for every business to have a good backup strategy. Even if you fall victim to a ransomware attack, if you have a good backup, you can roll back and get back to business. You need to think ahead and consider all the critical data and ensure you are getting frequent backups should you have a breach. For example, if you’re only backing up weekly on Fridays and you have a breach on a Thursday, you’ve lost up to six days of data. Combine this with an event like a month-end or fiscal year-end and now you’re really in trouble.
  3. Install Anti-Virus / Malware Protection Software: You need to ensure you have a reputable and fully updated version of malware protection software on every device in your organization. Be sure that it is fully licensed and that it’s updating as it should. You should implement systems to alert you if a device is out of compliance.
  4. Train your Employees: Your employees are your weakest link. You should implement ongoing training for your staff. Be sure your users know the basics like how to spot fake URLs and attachments. Staff at all levels need to be adequately educated from the C-suite down. You’d be surprised how often executives skip this training then wind up being the target.
  5. Secure your infrastructure: In many small businesses, this is often a challenge because the budget does not allow for a full-time IT staff person that is adequately trained in all the needed disciplines. You need to ensure your servers, routers, switches and all network devices are secure. If you don’t have the staff to do this, this is where a managed service provider can really help your company.
  6. Implement Multi-Factor Authentication (MFA): Going back to number four above, your employees are your weakest link and inevitably some of those employees will have weak passwords or worse yet, share those passwords. By enforcing MFA, you can help minimize this risk.
  7. Identify your threats and make a plan: It’s important for a company to determine all its risks, whether they are bring-your-own devices or outdated software. Even if you have a known risk that you just can’t get around, by identifying it you can at least put systems in place to reduce the risk. Not only do you need to consider prevention, but you need to know what you will do in case of a breach or malware attack. Be sure you have a disaster recovery plan in place and key personnel who know how to execute it.
  8. Measure and report: Many times, a company goes through the steps above but then files the plan away in a drawer, never to revisit it. You should regularly look at key security metrics. Then, at least annually, you should review your disaster recovery plan to ensure it’s still relevant. You should also consider penetration testing. This is simply the act of figuring out what a hacker could do to harm your business in a real-world scenario. This will give you peace of mind in identifying your weaknesses. It’s much better that you find your deficiency through penetration testing before a hacker finds it.

If these tips have you feeling a little uneasy about your company security,

