Halloween is a fitting day to remind ourselves that October is Cybersecurity Awareness month. In-between all the ghouls and ghosts is a good time to prepare ourselves against everything from phishing to malware.  Below are three things to be thinking about today:

1. Do you have written cybersecurity policies or have an employee tasked with managing your cybersecurity preparedness?

Written policies can help govern the structure of your cyber security program. For instance, written policies should identify technologies and connection types that pose a higher inherent security risk. Is your organization’s wifi access open to the public or to employees’ own personal devices? Do you segregate networks? Do you update patches on software programs regularly? These are a few questions to ask when developing written policies and procedures to govern cybersecurity in your business.  In addition, depending on your industry there may be certain rules and regulations that require your business to have a written security plan.

Finally, who in your organization is tasked with managing cybersecurity? If you don’t know the answer to that question or do not have someone tasked with managing cybersecurity now is the time to identify who should be in charge of cyber security. That person should report to the highest levels of your organization to make sure that cybersecurity is a priority from the Board Room and below.

2. Bring in the Experts – But Protect Their Findings

There are many technology experts in the field of cyber security who will come in and do an assessment of your organization’s preparedness. Always remember that sometimes a written report being marked “Confidential” does not mean that it will be. What if the threat assessment of your company comes back saying your security looks like swiss cheese? Take steps on the front end of the engagement of these outside experts to try to protect the findings of their reports.

Work with your legal department or outside counsel to outline how your expert will be engaged and who your expert will report to. At the very least, limit the reports dissemination to only a “need to know” basis within the top levels of your organization.

3. Update Your Passwords and Create a Password Policy

Think about your own personal security – when was the last time you updated your passwords to your work email, your online banking, or your credit cards? Today is the day to do it.  Pick different passwords for each account or at the very least unique passwords for your business and financial accounts that are distinctive from any other passwords you use.

Does your business force you to change your password regularly or have certain length/character requirements for passwords? Now is the time to ban “password123” as a password in your organization. Your business security depends on it.

Don’t let cyber security spook you – be prepared and take steps to protect yourself personally and your business. Happy Halloween!