There is no doubt that high-profile security breaches in the public and private sector shine a bright light on the importance of addressing network vulnerabilities. However, online and network security is not something just for government agencies, prime contractors and big, high-profile companies, but for smaller enterprises as well.
Why Would Anyone Hack MY Network?
The truth of the matter is – every company has customer lists, financial records and other data worth stealing. In addition, government contractors have been specifically targeted, starting with the largest contractors and moving down to smaller ones.
In fact, because you are a small to mid-sized business, you may be a more inviting target for skilled hackers and scam artists, who may see you as less-protected, or because you’re viewed as a stepping-stone to attacking another company or an agency customer.
Being prepared and well-informed is an essential best practice for every company, but especially so for government contractors.
Cybersecurity Tips for Government Contractors
Train Your Employees and Communicate Often
Your company needs to outline a set of basic security practices and train employees about those policies and how they can best protect your company’s network. For example, according to a recent study commissioned by the Department of Homeland Security, 60% of contractor and agency staffers plugged unknown USB drives into their computers, potentially exposing them to malicious programs. (A study by a British secure USB stick manufacturer put it at 76%.) So develop a policy, train your workers and keep data management procedures fresh and top of mind throughout the year.
Use Strong Passwords and Change Them Regularly
As much as we want to use easy-to-remember passwords like a birthday, favorite pet or the street where we grew up, those items (as well as any words found in the dictionary) are the easiest passwords to hack. Tips for creating strong passwords include combining upper and lower-case letters, mixing in symbols and numbers, and formingpassphrases that you can memorize. Also, make sure you change your passwords at least every three months… and don’t use the same password for everything.
Scrutinize The Email You Receive BEFORE Opening
Be careful before you open any email, especially if it is unsolicited. (And especially if it’s before you’ve had your first cup of coffee.) Unsolicited or impersonated email can often be the way cybercriminals gain access to your networks. Remember not to download any files from unknown people or click on any links. The safest bet is to isolate the email and consult with your network administrator. Do not reply to and forward these kind of email messages.
Do Not Open or Share Files Over Instant Messenger
The rules here are similar for email. Though some companies have internal networks, never accept files unless you are expecting them or know who is sending the files.
Install Antivirus, Antispyware and Security Monitoring Programs on Your Computers
Antivirus and antispyware software are important first steps to protecting your computers. But there are other software tools that provide even higher levels of protection against online data theft. Conduct some online research and speak with vendors to determine how you can monitor your online network. By keeping an eye on your network’s activity, you can react faster to possible breaches in security and close off attacks before sensitive data is lost or stolen.
Make Sure Everyone Receives Operating Systems and Application Updates
All operating systems provide regular security updates and patches for errors. Application providers typically provide these as well, especially browsers. Make sure all the users in your network are receiving these updates. If necessary, set scheduled updates on a monthly basis to ensure everyone is running with the latest versions of key software.
Back Up Your Data
Schedule regular backups of your data. This can mean setting up a separate internal network drive available to employees or outsourcing this through a third-party vendor. Automatic updates are helpful to ensure that your key data across the company is backed-up properly. Some companies back up their data nightly, while others do it weekly. Depending on the sensitivity and/or importance of your data, choose the arrangement that works best for your business.
Limit Access to Your Network
It is important to keep access to your networks at a minimum. Do not allow unauthorized people to have access to your server room or vital systems. If you distribute laptops, make sure employees keep them secure. Unused laptops should be stored in a secure location. Also, make sure your WiFi network (if you have one) is not open for the general public. Lastly, you will want to limit employee access to data and information, and limit authority to install software to system administrators. This will reduce the likelihood of malicious software or illegal software being installed on your company’s property – thereby reducing downtime to a virus and/or legal liability.
Cybersecurity Articles and Resources
As part of the Virtual Executive Roundtable series that we started at GovWin.com, we have put together two outstanding panels of experts – one to cover the government’s cloud initiatives (February 16) and another to address the new programs and efforts to enhance cybersecurity (March 9).
But going beyond forming a panel of leading cloud and cybersecurity speakers, we decided to try something a little different with these roundtables. Instead of having the audience sit and watch a long series of slides and data, we have decided to get more people involved and help drive the flow of the conversation – before, during and after the event.
The process is simple. Just register for the events (registration is free). And then post questions in our Q&A forum. When the event is LIVE, submit additional questions and answer polls. Then following the event we will keep the conversation going with our panel, provide an event recap and video, and explore the topics and issues we need to address next.
TO THE CLOUD! GOVERNMENT CLOUD INITIATIVES