Cyber attacks pose a significant risk to businesses, costing companies millions and ruining reputations. The tactics used by hackers are always evolving so it’s important to make sure you are keeping up.
Most attacks result from a business and its employees being unprepared or underprepared for a threat. But following the latest cyber security best practices for your affiliate can significantly minimize your risk of a hack.
Here are 15 tips to get your protection up to speed.
Cyber Security Best Practices for Affiliates, Employees and Volunteers
1. Turn on MFA for Remote Access
Make sure to enable multi-factor authentication (MFA) for remote access to your network and for the use of remote devices. Ensure MFA is enabled whenever employees and volunteers work from home, use company portable devices or use their own personal devices for work purposes under your “bring your own device” (BYOD) policy. Remember that the rate of hacker intrusion through remote access portals is high, and any employee or volunteer working in a system remotely should be required to go through an MFA verification process to confirm their credentials.
2. Develop Cyber Policy Documentation
Create a written cyber policy that is tailored to the needs of your affiliate. Make sure your policy addresses the particular cyber risks facing your affiliate, documenting the steps for your personnel to take for cyber attack prevention, ongoing threat monitoring and cyber incident response. Follow all guidance from HHFI.
3. Educate Employees and Volunteers on Cyber Safety
Make education on cyber safety a key part of your employee and volunteer training. Go beyond inserting a few bullet points into an employee handbook that is handed out to new employees. Instead, train employees and volunteers regularly on cyber and data security issues. Consider enlisting the help of third-party best practices seminars if available.
4. Institute a Funds Transfer Policy
Take extra precautions if your affiliate routinely handles financial transactions. Have a specific policy for wiring funds or sending money, such as verifying instructions via a phone call with the number on file for any transaction over a small amount.
5. Have a Suspicious Links Procedure
Have a specific policy about opening links from unknown sources. Train employees and volunteers to never click on a link in an email from a third-party source without first verifying the email is legitimate. Instruct employees and volunteers to never provide any credentials such as a username or password if prompted by a link in such an instance.
6. Consider a Personal Use Internet Policy
Consider creating and enforcing an employee and volunteer policy on personal internet usage. Realize that, besides being a drain on productivity, internet surfing can lead to cyber attacks. Consider prohibiting internet use beyond what is necessary to complete work tasks.
7. Establish a Personal Device Policy
Put a policy in place for employees and volunteers regarding the use of their personal devices for work purposes. There is risk involved in allowing employees to perform work functions on cell phones and personal computers that haven’t been vetted and approved. Think through how your affiliate will manage the risk of a personal device being stolen that contains confidential affiliate information and communications.
8. Protect Portable Company Devices
Establish a protocol to protect affiliate-owned laptops, cell phones and other portable devices. Set up devices to require strong password protection with multi-factor authentication and install current software and antivirus protection.
9. Require Robust Password Security
Have a policy requiring employees and volunteers to set and maintain robust passwords for all their work devices and applications. Require employees and volunteers to immediately change any dummy passwords given at the start of employment (such as “1234”) and to keep their passwords confidential by never leaving notebooks or sticky notes lying around that could reveal them. Enforce frequent password changes, making sure employees choose strong passwords that meet policy requirements.
10. Ensure Software Is Up to Date
Make sure all software is up to date to prevent a hack. Check that all antivirus, anti-malware and anti-ransomware software that protects your system is up to date. Make sure operating systems and business software solutions are also kept up to date on all devices. Turn on automatic updates for security fixes and software patches that protect against new vulnerabilities.
11. Enact Firewall and Data Encryption Protection
Enact a combination of firewall and data encryption protection across all your systems. Many cyber incidents stem from avoidable failures to encrypt sensitive data and protect privileged communications. Make sure you understand what your third-party IT and data host provider is doing to protect your data and network.
12. Review IT Backup Procedures
Have your team go over its backup procedures. All too often a business learns that its data has not been properly backed up or that the backup is so closely tied to the server that it too is lost or corrupted in theft and ransomware attacks.
13. Know Third-Party Firm Policies
Have a thorough understanding of the policies of third-party companies that store your data or with whom you share data. Your cyber security protection is only as strong as your weakest link, and it does little good to have strict data and cyber policies if a third-party host is not careful or shares sensitive information with unsafe recipients.
14. Invest in Annual Penetration Testing
Consider allocating resources to conduct annual system penetration testing by a qualified third-party cyber security firm. Look into forensic IT companies who offer services where your affiliate network and email systems can be tested to highlight vulnerabilities and recommend solutions to improve cyber safety.
15. Obtain Cyber Insurance Protection
Cyber attacks may occur even when you’ve taken all the right steps to protect your affiliate. Make sure you obtain cyber insurance protection to ensure your affiliate survives a hack and bounces back.
Cyber coverage from Lockton Affinity’s Habitat for Humanity Affiliate Insurance Program is designed to protect your affiliate from the threat of cyber attacks. Contact Lockton Affinity at (888) 553-9002 or HFHInsuranceService@LocktonAffinity.com to learn more about this important coverage.