These are high-level explanations to give you some basic knowledge when talking to your IT professional.
Cyber Security Tools and Software
A. Essential Security Software
First up: antivirus software. And no, the free one that came with your computer in 2015 doesn’t count anymore! Make sure everything’s up-to-date and properly configured. For basic systems it’s pretty straightforward – check your system settings and turn on Auto Update so the system reminds you to do it.
Password managers are non-negotiable in 2024. I keep mine in a free app on my phone with an encrypted copy stored elsewhere. No more sticky notes on your monitor or under the keyboard.
B. Advanced Security Solutions
Network intrusion detection systems are like having a security camera for your network. They watch for suspicious activity and alert you when something’s not right. You’ll be surprised by the number of people snooping around trying to get valuable information. These snoopers “ping” your network and look for vulnerabilities with the intent of finding valuable data or resources.
Multi-factor authentication is another must-have. MFA requires you to validate your identity by entering a code automatically sent to another device that is predetermined by you. The theory is that it is unlikely a potential intruder would have access to both your laptop/desktop AND your secondary device (usually a phone). Yes, it’s slightly annoying to have to enter a code from your phone every time you log in just to verify that it is really you. You know what’s more annoying? Having your entire customer database stolen because someone guessed your password.
Incident Response and Recovery
A. Creating a Cyber Incident Response Plan
Let’s talk about everyone’s favorite topic: what to do when things go wrong. At some point, something will go wrong – e.g. a data breach, or lost or destroyed data.
Your incident response plan is like a fire drill for cyber attacks. Everyone needs to know their role and what to do. What are the immediate-action drills for your employees?
– Do they turn off their computers?
– Should they unplug from the internet and/or network?
– Do they automatically start changing all their passwords?
The answer is complicated and must take into account the security of your network, your assets (think bank accounts, email accounts, etc.) AND the operational and customer impact. The point is to think things through so you have some sort of plan. Since most of us don’t have a full-time IT person, you most likely won’t get a knowledgeable IT guy on the phone who is familiar with your system. So pre-plan as much as possible and do as much response planning ahead of time as you can. It will still be a mad scramble (most crises are) but you want to minimize this as much as possible. Ask your IT consultant about your response plan and share it with your employees. And like anything in security, it is NOT a “one and done” proposition.
B. Business Continuity
Business continuity is like your business’s insurance policy – you hope you never need it, but you’ll be incredibly grateful if you do. It’s a key element of your response plan. Key to this is getting your system back up and running as quickly as possible by repairing or mitigating the damage. Essential to this process is BACKUPS.
Here’s my golden rule for backups: if it’s important enough to create, it’s important enough to back up. And not just once – we’re talking regular, automated backups that you actually test. Many times I’ve seen businesses think they had backups only to find out they weren’t working when they needed them most. Or, in the case of physical backups, they keep them on-site in a place vulnerable to the same hazards as the main system – Don’t do that!
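As an added example (not code from the article), here is a small POSIX shell script that makes a backup and then proves it restores correctly, which is the “actually test them” part of the rule above. It assumes tar, sha256sum and mktemp are installed; the paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not code from the article. Creates a compressed backup of a
# directory and then proves the backup restores correctly by extracting it to
# a scratch location and comparing per-file SHA-256 checksums. A truncated or
# corrupted archive makes verify_backup return non-zero instead of silently
# "succeeding". Assumes POSIX sh, tar, sha256sum and mktemp are installed.
set -eu

# make_backup SRC_DIR DEST_DIR -> prints the path of the new archive
make_backup() {
    src_dir=$1
    dest_dir=$2
    mkdir -p "$dest_dir"
    archive="$dest_dir/backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$src_dir" .
    printf '%s\n' "$archive"
}

# checksum_tree DIR -> sorted "hash  ./path" lines for every file under DIR
checksum_tree() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort)
}

# verify_backup SRC_DIR ARCHIVE -> 0 only if a test restore matches SRC_DIR
verify_backup() {
    src_dir=$1
    archive=$2
    work=$(mktemp -d)
    mkdir "$work/restore"
    status=1
    # A damaged archive fails here; the "if" keeps set -e from aborting.
    if tar -xzf "$archive" -C "$work/restore" 2>/dev/null; then
        checksum_tree "$src_dir" > "$work/orig.sum"
        checksum_tree "$work/restore" > "$work/restored.sum"
        if cmp -s "$work/orig.sum" "$work/restored.sum"; then
            status=0
        fi
    fi
    rm -rf "$work"
    return "$status"
}

# Typical nightly use (placeholder paths):
#   archive=$(make_backup /srv/company-files /mnt/offsite-backups)
#   verify_backup /srv/company-files "$archive" || echo "backup verification FAILED" >&2
```

Run it from cron after each backup and alert on a non-zero exit; a backup that has never passed this check should not be counted as a backup.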
Compliance and Regulations
Alright, let’s tackle everyone’s favorite subject: regulations!
No, there is no federal law in the United States that is equivalent to the General Data Protection Regulation (GDPR, a European data protection law). However, there are several US state laws that protect data, including:
- California Consumer Privacy Act (CCPA): Regulates for-profit companies that handle the data of California residents
- Virginia Consumer Data Protection Act (CDPA): Protects data privacy within Virginia
- Colorado Privacy Act (CPA): Protects data privacy within Colorado
- Utah Consumer Privacy Act (UCPA): Protects data privacy within Utah
Other states have also proposed or are considering legislation, so check your specific state laws regarding data protection. And keep checking, because laws are continually added, modified and created.
The GDPR protects various categories of information, including location information, IP addresses, and cookie data.
US businesses may be required to comply with the GDPR if they:
- Offer goods or services to people in the EU
- Track the online activity of people in the EU
GDPR documentation is boring and dry but can be deadly if you don’t pay attention to it. But here’s the thing: in 2025, understanding regulations isn’t optional anymore. It’s like taxes – ignore them at your own peril!
If you’re handling customer data (and who isn’t these days?), you need to know about data protection laws. GDPR, CCPA, PIPEDA – it’s like alphabet soup, I know! But each of these regulations comes with serious penalties if you mess up. Make sure your attorney and IT consultant know about these, and specifically how they affect YOUR business and what your obligations are.
Cloud Security
A. Cloud Service Protection
Welcome to the cloud, where everything’s connected and nothing’s as simple as it seems!
A client thought their data (and their backups) was super secure because it was “in the cloud.” But no! Turns out, they had their entire Google Drive set to “anyone with the link can edit.” Facepalm moment! Remember folks, the cloud is just someone else’s computer – you still need to lock your doors and take all precautions to protect it.
When it comes to SaaS (software as a service: you don’t own the software, you just kind of rent it and they update it) security, think of it like renting an apartment. Sure, the building has security, but you still need to lock your own door and be careful who you let in. I recommend doing a monthly audit of who has access to what. You’d be surprised how many ex-employees still have access to company Dropbox accounts!
B. Remote Work Security
Remote work is here to stay, folks, and so are its security challenges. It’s like suddenly having hundreds of mini-offices to secure instead of just one.
Employees working from their local coffee shop could accidentally share their screen during a client meeting – complete with all their open tabs and personal emails. Consider strict guidelines about working in public spaces, and mandate the use of a VPN whenever they connect over open WiFi.
I’ll write another article specifically about this topic in the future.
C. Future-Proofing Your Security
Let’s peer into our crystal ball and talk about what’s coming down the cybersecurity pipeline.
AI and machine learning are changing the game – both for attackers and defenders. It’s like an arms race, but with computers. The threats are getting smarter, but so are our defenses.
But here’s the thing about future-proofing: it’s not just about buying the latest tech. It’s about building a flexible, adaptable security system that can evolve with the threats. Think of it like raising a kid – you need to give them the tools to handle whatever life throws at them!
Conclusion
From the basics of network security to the cutting edge of AI-powered threats, cybersecurity is a journey, not a destination, so you need a paid professional IT expert to help you – it’s worth it.
Remember: perfect security doesn’t exist. The goal isn’t to build an impenetrable fortress – it’s to make your business a harder target than the next guy.
Start with the basics we’ve discussed in my two articles: strong passwords, regular backups, employee training, and basic security tools. Then gradually build up your defenses as your business grows. And most importantly, stay vigilant! The cyber threat landscape is always evolving, and so should your security measures.
Got questions? Concerns? Horror stories of your own? Drop them in the comments below! And remember: in cybersecurity, paranoia isn’t just a feeling – it’s a best practice!