How to make sure you don’t get tricked: a spook-tacular cybersecurity checklist for business leaders. It’s as easy as hosting a rockin’ Halloween house party.
By Calvin Engen
October often brings Halloween to mind—ghosts, goblins, witches, and werewolves. In IT we’re also thinking about cybersecurity as it’s Cybersecurity Awareness Month. Either way, it’s scary stuff. But, with a little planning and preparation, it doesn’t have to be. In fact, as business leaders, you can easily take steps toward ward off evil forces, and it can be as easy (and fun) as hosting a house party. (OK, maybe not as fun.) Here’s a completely non-spooky cybersecurity checklist built for business leaders:
1. Make a list. You wouldn’t throw a Halloween house party without creating a guest list, would you? A house party without people is just . . . an empty house. So, your first step is to list everything you want to protect. Emails? Credit card information? Intellectual property? Go on, grab a pen and paper and get started. We’ll wait.
2. Prioritize that list. You’ve got 42 people on the list, but realistically, if your three closest friends can’t come, you’d change the date, right? That’s why Step 2 is to prioritize. Grab the list of everything you want to protect, and then figure out what’s most important to you.
3. Gain buy-in. Your spouse, your partner, your roommate, even your neighbours are going to have to agree to this house party before you can park a food truck on the front lawn. In the same way, you’ve got to get buy-in from your leadership team before you can implement a new cybersecurity policy to help you prevent getting hacked.
4. Set the house rules. Is the second floor off-limits? What time are you turning on the lights and kicking everyone out? If you want employees to understand what they should and should not do in terms of cybersecurity, you need to set policies that set expectations. Can they access personal email or social media at the office? Let them know the rules.
5. Remind your guests. If you don’t want guests to use the good crystal, lock the china cabinet and set out a stack of Solo cups. Spot someone precariously waving around a champagne flute? Pour their bubbly into a plastic cup before they break the glass. Your rules won’t matter if you aren’t constantly reinforcing them. Same with cybersecurity, your policies must be enforced.
6. Set your Magic Circles. Keeping the party to invite only? You’ll need a bouncer (or your brother) to ask those not invited to leave. Plus, you’ll want to lock away your valuables and your secret diary. At the office, your role is to ensure that employees only have access to applications, files and folders they need.
7. Use secret passphrases. This house party sounds like it’s turning into a speakeasy, doesn’t it? But instead of allowing people to say one word, like “Boo!” or “Eek!”, you’re going to make them say an entire phrase, like “Trick or treat, smell my feet.” Staff should only use passpharases, too. They’re longer, and so much harder to crack. Plus, it’s your chance to remind yourself that Halloweenonlycomesonceayear!
8. Create a unique costume theme. Last Halloween’s ’80s theme was so fun! But what makes you think anyone would be excited about coming to another ‘80s costume party this year, wearing the same outfit and dancing to the same Tears for Fears songs? Similarly, stop using the same password on every site. New site? New passphrase.
9. Look behind the mask. Your guests are a fun group so they’ll come in awesome disguises. How are you going to know they are who they say they are if you don’t double-check? YOU MUST DOUBLE-CHECK. Whether you’re accessing bank accounts or important documents, sign up for multifactor authentication. Seriously—we know you’ve hit “Ask me later” on those sites more than a dozen times. No more!
10. Keep it fresh. Changing the day of the party? Let everyone know or you’ll end up hosting a party without any guests (See Tip #1 for a reminder of why that’s a problem). When a popup reminds you of a system update, don’t ask it to remind you to do it later. Do it now.
11. Watch what you drink. At any party, everyone must watch what they drink and from whom it comes. Same goes for work. When you get an email or text with a link, think before you click. Or better yet, call your friend to make sure they really sent it.
12. Lock up before bed. When the party’s over, the party’s over. Time to lock the front door. The back door, too. Set your electronic devices—laptop, desktop, phone—to go to sleep when you’re not using them for 10 minutes, and require a passphrase to wake them up.