Vasily Voropaev, a founder and CEO at Smartbrain.io, a serial entrepreneur, and a dedicated promoter of remote work and remote teams shared his experience in material for Forbes.com.
You can read the original article at the link.
Practicing good cyber hygiene and keeping up to date on evolving cyberthreats is the responsibility of everyone in an organization. Even so, because of their expertise, it’s usually up to tech leaders to head the charge when it comes to protecting their organizations’ digital properties. Indeed, there are some strategies that require expert knowledge and leadership-level decisions.
Still, a holistic set of security protocols involves technical solutions, education and smart habits on the part of team members—if everyone accepts their role, a company’s digital assets will be better protected. Below, the industry experts of Forbes Technology Council each share one protocol that every tech leader should establish in their organizations so that they, and their team members, are working together to safeguard digital assets.
1. Conduct A Data Audit
Leaders cannot protect what they do not know exists. Conducting a data audit to find out the amount and location of data you’re holding is the first step in protecting digital assets. You will be protecting not only your business’ assets but also the personal information of customers and partners. – Stephen Cavey, Ground Labs
2. Classify Digital Properties Based On How Critical They Are
While security protocols can help protect against malice, misaligned sensitivities are a critical issue when it comes to digital assets. Classifying properties based on their criticality is a vital step for any firm, as it will not only help you avoid incidents but also encourage team members to exercise greater care in dealing with digital properties. – Sayandeb Banerjee, TheMathCompany
3. Adopt Zero Trust
With more businesses moving to the cloud and adopting remote work arrangements, many are exposed to new threats that go past their established security strategies. Zero trust provides a high level of security remotely, without the need for a physical location to authenticate access. It’s not a specific technology; rather, it’s a strategy of stringent and continuous identity verification and control of data in the cloud to minimize trust zones. – Alex Cresswell, Thales Group
4. Create A Device Management Role
Assign a staff member to be responsible for all the software, APIs and accesses installed on your employees’ devices. This person should make a list of prohibited sources and programs that employees can never use. Next, establish clear security onboarding for each team member, and organize monthly check-ins to ensure they are using secure connections and only the allowed devices and flash drives.
5. Devote Time To Researching Cybersecurity Changes
The digital age is fast-paced, and new hacks emerge at lightning speed. This calls for solutions that are not just effective but are also constantly evolving. The one essential protocol is dedicating time on a regular basis to understanding and further solving complexities. This entails significant efforts in self-education and staying up to date with the latest innovations in cyberspace. – Manan Shah, Avalance Global Solutions
6. Train Employees On Cybersecurity From Day One
From the start, companies must establish security training and foster a culture that emphasizes the importance of cybersecurity. According to a study by CompTIA, human error was at the root of 52% of security breaches. Providing continuous security training from day one for all employees would help companies reduce the risk of security breaches. – Luke Han, Kyligence Inc.
7. Ensure Training Programs Are Ongoing
It’s essential to hold regular cybersecurity awareness training. Regardless of their role in the company, all employees should be updated about the latest breaches, how to spot them and more. You should also run regular phishing exercises. These strategies not only ensure people are more aware but also increase the tech team’s efficiency. – Trishneet Arora, TAC Security
8. Implement Multifactor Authentication
When considering giving employees broad access to digital assets, one protocol that can make a big impact but that is not overly intrusive is multifactor authentication. It combines steps that make it hard for cybercriminals to gain access to important data via team members’ devices. It requires “something you know” (a strong password), “something you have” (a token on your phone) and sometimes, “something you are” (biometrics). – Renee Tarun, Fortinet
9. Leverage Password Managers
Employees often use their favorite passwords across multiple sites, and a single breach into one of those sites makes their data highly vulnerable. It’s highly advisable to use a password manager to auto-generate complex passwords and manage their use, without repeating any passwords across sites. Password managers also make it easy to reset a password in case it’s forgotten. – Sudheer Bandaru, Insightly Analytics, Inc.
10. Take Early Steps To Protect Your Intellectual Property
Many people focus on cybersecurity insider threat issues, which are important. However, in my experience, large and small companies often fail to identify intellectual property early enough in the process of creation. They don’t take the time to start the patent process, establish additional safeguards on the IP or assess its market value so that they’re treating it with the proper level of respect. – John Walsh, Red Summit Global
11. Set Up Protocols For Lost Devices
No matter how large or small, all companies need to have a protocol for dealing with lost phones. Phones contain crucial information about the company that can impact customers and other employees, so protecting that data is vital. Once a device has been reported lost or stolen, companies should immediately log off all their accounts and wipe clean all sensitive information. – Øyvind Forsbak, Orient Software Development Corp.
12. Establish Rule-Based Access To Sensitive Information
Making sure that the company’s assets are secure and safe should be every employee’s responsibility. At the same time, every employee should have access to the information that will help them in completing their tasks. Employees should only have access to the information they need. A rule-based approach is a possible solution. – Manish Mittal, OpenSource Technologies Inc.
13. Log Off And Shut Down Computers When They’re Not In Use
There’s one very simple thing you can do that can help your company a lot: Make sure employees understand that it is incredibly important to lock their computers any time they leave their desks. I have seen many office spaces with empty desks that have computers up and running—anybody could walk up and log into multiple company systems such as emails, calendars and CRMs. – Eric Trabold, Nexkey, Inc.
14. Store Sensitive Data In The Cloud Only
One simple protocol is to never keep valuable information on individual computers or on-premises. All sensitive information should be kept in the public cloud. As counterintuitive as it may seem to some, the cloud is by far the safest place. Despite the media attention that public-cloud hacks have been receiving lately, these incidents are far less frequent than private hacks. – Patrick Ostiguy, Accedian
15. Clearly Identify The Company’s Proprietary Information
In an easy-to-understand, one-page document, clearly outline what the company considers “proprietary.” New hires sign long confidentiality forms, but it’s important to develop plain language so every individual understands what the company is building and how they can help protect it. It’s our job to cut through the confusion. – Meagan Bowman, STOPWATCH
16. Eliminate Bring-Your-Own-Device Programs
Allowing employees to use only equipment provided by the business is an effective protocol that every company should establish to protect digital assets. This way, the company can rest assured that employees’ machines have the necessary security measures. It also instills more responsibility, because employees are using business equipment that has the latest framework and updates. – Roman Taranov, Ruby Labs