8 Tips For Securely Ramping Up Your Business

By Rob Chapman, PDI

With the U.S. economy reopening and summer travel ramping up, certain types of businesses will be on the frontlines of this surge. This includes multi-site operators with many remote locations—such as fuel and convenience retailers, along with quick service restaurants (QSRs).

If you happen to fall into one of these categories, you need to ask yourself how effective your cybersecurity strategy is as your business ramps up. Now that you’ve somehow managed to navigate your business through a global pandemic, the last thing you want to do is risk it on a cyberattack.

Think about it: You’ve just spent over a year trying to keep everything up and running—which might have meant introducing some new technologies without the normal security vetting process. Or maybe you had to cut some corners in terms of what your ideal cybersecurity protocols would normally dictate.

Here’s How To Get Started

Although you might be able to justify taking a few shortcuts with cybersecurity during a period of unprecedented business disruption, there’s simply no excuse to do that when you finally start returning to “normal” business operations. To help you get started, here’s an 8-point checklist to make sure your business is secure before you get too busy again:

1. Test for security weaknesses before you start ramping up operations. You don’t necessarily need to conduct a full security penetration test, but you should at least conduct some internal probing for obvious security gaps or vulnerabilities. You might be surprised to find what applications or files have been added to your systems during the past year. A thorough scrub for malicious or unwanted programs could be a good use of time and resources.
2. Ensure that all your IT systems have the latest software updates and security patches. You should do this regularly as a general practice, but some systems might have slipped through the cracks while you were occupied with just trying to keep your business afloat. This includes deploying a solid foundation of antivirus and anti-malware tools running on every back-office system (or anything connected to the internet).
3. If you can, find a way to centralize the rollout of software updates to all your remote sites. This will greatly simplify ongoing management. Otherwise, the complexity of managing each unique site can create unnecessary work and headaches for your IT team—and leave your business more exposed to cyberattacks.
4. Make sure you have a reliable threat detection and response plan before you start connecting new devices to your network. You must be able to quickly identify real threats without wasting precious time chasing down false flags. Likewise, you must be able to respond almost immediately to remediate any issues before they can impact your business.
5. Check that any previously dormant devices or systems—especially point of sale devices—that are coming back online are still being monitored as part of your endpoint protection strategy. After 90 days of sitting idle, many systems will no longer be visible for threat monitoring and detection. Having a comprehensive view of your IT environment is critical for endpoint protection.
6. Another key area to focus on is ensuring that any data subject to industry or regulatory mandates is still in compliance. If you handle payment cardholder data, PCI compliance should be at the top of your priority list. If you happen to fall out of compliance, you could face significant fines and legal exposure following a data breach.
7. In terms of employees, security awareness training is essential. This is especially the case if you’re hiring a lot of seasonal or part-time employees to take on the extra workload or cover for vacationing employees. Educate them on security best practices and clearly explain what they should or shouldn’t do in terms of phishing emails, online behavior, and even physical site security.
8. If you don’t have the expertise or budget to manage all these cybersecurity tasks in-house, consider working with a reputable vendor that offers fully managed extended detection and response (XDR) services. This is a good way to gain all the advantages of the latest cybersecurity tools and expertise without having to purchase tools or try to hire in-demand experts yourself.

After you’ve completed this checklist exercise, you’ll be able to prioritize your most pressing security needs. Depending on what you discover, you might need to re-evaluate your cybersecurity policies and processes to make sure they still cover what your business needs. The bottom line is that, after making it through a global pandemic, you shouldn’t turn around and unnecessarily expose your business to the risk of a security breach.

About The Author

As Director of Platform Security at PDI, Rob Chapman is responsible for the company’s network cybersecurity architecture and PCI compliance initiatives. During his career, he has focused on areas ranging from academic and enterprise technologies to Big Data and audiovisual systems. Chapman has a Masters in Educational Leadership and Instructional Technology from Tennessee Technological University. He resides in Columbia, TN.