Fennemore recognizes the critical importance of Cybersecurity Awareness Month  

Attorney Todd Kartchner, who serves as our firm’s Chief Privacy Officer here provides five tips for simple ways to implement and improve business cybersecurity protocols:

1.  Use Anti-Virus Protection and Firewalls.

• This should go without saying in this day and age, but for the sake of caution, it is important to note that cybersecurity measures include, at a bare minimum, the use of anti-virus protection and firewalls to combat malware and other viruses from entering your systems and potentially compromising your data.
• You should also secure your Wi-Fi network, making sure that it is password protected and that its network name is not being broadcasted.

2.  Protect Your Sensitive Personal Identifiable Information 

• Personal Identifiable Information is typically defined as ANY information that can be used to identify and/or locate a person.  This can include information that ranges from simple things like names, addresses and phone numbers to Social Security numbers, dates of birth, credit card information or IP addresses.
• In addition to appropriate cybersecurity, you may want to take additional measures to ensure such information is subject to greater protection, including limiting access to such information to select employees.

3.  Ensure Your Software is Updated

• One of the most important things you can do to mitigate attacks through viruses and ransomware is making sure you patch outdated software, both in terms of operation systems and its applications.
• It is much easier for criminals to hack vulnerable systems with outdated software.
• Although it is beyond the scope of this post, look into and implement patch management best practices.

4. Routinely Back Up Your Data

• Ransomware attacks are on the rise.  One of the primary things you can use to mitigate such attacks is to have your data properly backed up so that you can restore your systems with a recent backup in the event cybercriminals are able to lock your systems or otherwise interfere with your ability to access your data.
• Best practices here utilizes what has commonly become known as the 3-2-1 rule.  You will want to store three copies of your data in two separate sites with one copy located off-site.  

5. Train Your Employees to Follow Cybersecurity Best Practices

• Cybercriminals often gain access to company systems through employees with lax standards.  
• Employees should be trained, at a minimum, annually, and, such training should include, among other important points:
  • Be suspicious!  Do not open emails from people you do not know, and be hesitant to click on links without proper assurance that they came from a trusted source.
  • Use strong passwords and require that employees change passwords at least annually.  (Some experts, including the FCC, prefer changing passwords every three months.)
  • To maintain security, do not use public Wi-Fi without also utilizing a Virtual Private Network (VPN), which will encrypt the traffic between the VPN server and the employees’ devices.