Incidents of cybersecurity breaches and cyberattacks are on the rise, both within the promotional products industry and in the broader marketplace. As recently as last week, Top 40 supplier Next Level Apparel (asi/73867) announced that it had experienced a data security breach.

Seth Kusiak, vice president of infrastructure and security at ASI, and Jason Kuttner, executive director of technical services at ASI, shared tips for protecting company data during the virtual ASI Power Summit on Wednesday, Oct. 13.

Seth Kusiak (left), vice president of infrastructure and security at ASI, and Jason Kuttner, executive director of technical services at ASI.

“Anyone can be the victim of a security incident,” Kusiak said. “You don’t have to be directly targeted. There may be a vulnerability in your software that may result in you being compromised.”

The first step, and perhaps most crucial, is to enable multi-factor authentication (MFA, sometimes called two-step authentication) for your email, social media, VPN, cloud services – you name it. Many insurance companies have already mandated MFA as a prerequisite for obtaining coverage. “Both Google and Microsoft agree that MFA stops 99% of account takeovers,” Kusiak said.

Companies also need to install anti-virus and anti-malware software, staying on top of regular updates, as well as implementing vulnerability and patch management. Additionally, you want to maintain inventory of all your systems, software and cloud services. “Make sure you have a plan to replace or remove software that is no longer receiving security updates,” Kusiak said.

To ensure critical systems are backed up and recoverable, Kusiak suggests following the 3-2-1 rule: make three copies of your data (one primary and two backups); rely upon two different storage media types; and make sure copy is stored offsite, either in the cloud or a secure storage facility.

Kusiak recommends following the Cyber Essentials by the Cybersecurity and Infrastructure Security Agency (CISA), a non-partisan federal agency. In addition, there are security assessment resources available, such as the Cyber Security Evaluation Tool, a free application benefitting small and medium organizations, and the Verizon Security Assessment, which is free for organizations with fewer than 500 employees and $100 million in revenue.

“Having security awareness and having MFA greatly reduces the possibility of being hacked, but you’ll never really eliminate the possibility,” Kusiak said. “Microsoft and the NSA have been breached. That should tell you something.”