1) Assess risk and identify weaknesses
Analyze online and operating systems to determine the areas most at risk. As part of this risk assessment, you should also ensure that updated anti-virus programs, anti-spyware programs and firewalls are installed on all computers and that employees are required to change their passwords every 60 to 70 days.
2) Back up critical information
Establish a schedule to perform critical data backups and system upgrades on a regular basis. This ensures critical data is not lost in the event of a cyber attack or natural disaster. Store all backup copies in remote locations away from the office, such as on an external hard drive, and encrypt any sensitive data about the company or its customers.
3) Create a contingency plan
Draft a contingency plan to follow if the business suffers a cyber attack, including steps on how to continue business operations at an alternate location when necessary. Be sure to test the plan annually.
4) Educate employees
Train employees on proper Internet practices and technology solutions, and encourage customers to protect themselves, as consumers, against cyber fraud. You should also integrate a cyber security rollout plan within the yearly business plan. This plan should also include steps for measuring success.
5) Implement a security agreement
Require employees to sign a security agreement to demonstrate that they are active participants in helping to maintain a secure online environment. This agreement should require employees to report any suspicious online activity or known Internet crime to the proper authorities.