A cybersecurity expert offered tips for locking down data and sensitive information at the American Architectural Manufacturers Association (AAMA) 2016 Summer Conference. Keynote speaker, Larry D. Sjelin, advised conference participants to not underestimate the importance of a highly trained IT staff and of regularly changing complex passwords. Sjelin is the chief of staff for the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio.

"A common misconception is that small and mid-sized businesses aren't targets for cybersecurity," said Sjelin. "This is not the case."

Sjelin quoted a 2015 report on construction technology, which found that 60 percent of small businesses go under once they have a cyber attack.

"They don't have the ability to bounce back," he said.

In addition to this, 87 percent of small- to medium-sized businesses don't have a formal written internet security policy, and 68 percent don't provide cybersecurity training. And yet, said Sjelin, 60 percent of attacks in 2015 were against businesses of these sizes.

In order to prevent an attack, Sjelin suggested having best practices in place for how to secure data, dispose of documents, safely use the internet and report incidents or potential threats. He recommended having a business continuity plan (BCP) and/or a disaster recovery plan (DRP).

"A detailed DRP in place says how to deal if your company is targeted," he explained. "Eight out of 10 small businesses don't have a basic cyber attack response plan."

A lack of cloud security was a consistent theme in the 2015 report, he found. As a result, Sjelin asked attendees to invest in dedicated IT personnel and to increase the protectiveness of passwords. He advised against using numerical sequences or birthdays in passwords.

"When it comes to passwords, the longer they are, the better," he said.

Here are six cybersecurity tips Sjelin offered:

1. If you don't have a shredding program in your business, you need one.

2. Training is key; organize cyber awareness training for everyone on staff.

3. Encrypt portable devices like laptops, smart phones, etc.

4. Back up everything, and test those backups.

5. Avoid social media and personal email on work computers, especially those which directly handle customer data.

6. Never leave your password out on a Post-It note on your desk.

His department has developed a game in an effort to educate the next generation about the importance of cybersecurity. Cyber Threat Defender, a new card game, teaches the importance of cyber security while seeking to ingrain this idea into the culture for safety down the road. The game was released three months ago and it similar to Magic: The Gathering, a popular card game.

"The game is part of a national effort toward building this culture of cybersecurity," said Sjelin.

More information about AAMA and its activities can be found on http://www.aamanet.org.