6 Steps to Better Cybersecurity

Though the cyberthreat landscape continues to expand and we are seeing “an unprecedented increase in cyber-attacks and malicious cyber activity” like, phishing, ransomware, breaches, business e-mail compromise schemes, there are actions we can all take to help mitigate these growing risks. Here are 6 steps that might help you and your employees be less vulnerable to cyberattacks:

  1. Educate your employees - Cybersecurity is no longer just the responsibility of technical teams. While they do a lot of the heavy lifting, all employees are responsible for being aware of potential scams, how to spot their characteristics, and what to do when they discover symptoms of an attack attempt. One of the best ways to help keep this part of the front line more aware and better prepared is having a regular schedule of testing and training on security best practices, a consistent cadence for updating employees on new risks, and known processes in place to help identify and report suspicious events. 

  1. Keep device software up-to-date - Ensure that all operating systems and applications are at their most current and secure version by enabling automatic updates for computers, smartphones, and tablets. These updates often include protection against recently discovered threats and new fixes for security vulnerabilities.

  1. Utilize antivirus software – Install an antivirus program on all company devices and set them to automatically update. Also, consider equipping all devices with firewalls, email filters, and anti-spyware. Email authentication and intrusion prevention software can help limit your vulnerability to phishing, spoofing, and malware. 

  1. Use a Virtual Private Network (VPN) - Make sure that devices connected to your network do so through a secure internet connection, whether in the office or from a remote location. Using a VPN to access corporate networks can help you secure web traffic by creating an encrypted “tunnel” between your devices and the internet to help better protect your data from bad actors who may try to steal or monetize your corporate data and your employees’ personal information. 

  1. Use multi-factor authentication - Implement and require multi-factor or two-factor authentication for employees to access areas with sensitive information. Requiring an extra code or physical key for login can add an extra layer of security that may make it harder for scammers to successfully login to an account even if they manage to steal a username and password combination.

  2. Require strong passwords - Implement passwords on all devices and apps. Instruct your employees to use a password with at least 8 characters and to set a unique password for each account. Utilizing a password manager can help them generate, manage, and store distinct and complicated passwords.

While all of these steps are separate actions, they all help establish clearer communication, consistent behavior across job functions and levels, and a greater commitment to data protection and security awareness.  


For more on cybersecurity best practices through physical security, read 

Workplace Physical Security Is an Essential Component of Cybersecurity: 11 Ways to Better Protect People, Devices, and Data“. And to learn more about how you can offer better protection for your employees and their families, contact us for information.


The information provided is intended as general guidance and is not intended to convey any tax, benefits, or legal advice. For information pertaining to your company and its specific facts and needs, please consult your own tax advisor or legal counsel. Links to sources may be to third party sites. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.