- Get Protection From Viruses, , Malware, Spyware, and Other Malicious Code
Ransomware is making the news regularly these days. It’s affecting some of the largest companies in the world. But don’t think it can’t happen to your business. Ensure your organization’s desktops, laptops and servers are equipped with antivirus and antispyware software. Update them regularly or setup for automatic updating to get the most recent definitions. Don’t forget about patches and updates to the actual products to correct security problems and improve functionality. Again, update regularly or install updates automatically.
- Make Strong Passwords a Requirement and Consider Additional Security Measures
Hackers and their hacking tools continue to evolve. Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Ensure employees don’t leave “sticky notes” with their passwords at their workstations. Consider a password expiration policy requiring new passwords periodically, such as every 90 days.
- Implement Standard Operating Procedures (SOPs) When it Comes to Company Data
A good definition of an SOP is a procedure specific to your operation that describes the activities necessary to complete tasks in accordance with your own standards for running your business. Create policies for how employees should handle and protect personally identifiable information and other sensitive company data. Equally important is to outline the consequences of violating your business’s cybersecurity policies.
- Educate Employees About Online Security. Hold Them Accountable
Educate your employees about online threats and how to protect your business’s data, including safe use of email, websites and social networking. Hold employees accountable to the business’s internet security policies and procedures. Communicate “lessons learned” to employees when a security breach has occurred.
- Secure Your Wired and Wireless Networks
Leaving your network open and unguarded is literally asking for trouble. Implement safeguards for your internet connection by using a next gen firewall. For offices that have a Wi-Fi network, make sure it is secure and hidden – configure your wireless access point or wireless router so that it does not broadcast the network SSID. Lastly, use strong, alphanumeric password protection for administrative access any routers.
- Backup Company Data. Establish Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)
Regularly backup data on all computers and servers. Critical data typically includes word documents, spreadsheets, databases, financial files, human resources files and accounts receivable/payable files. Determine how risk tolerant your business is and design a backup plan accordingly by RTOs and RPOs. Consider consulting IT professionals about backing up data automatically and continuously while storing copies offsite at another location or at a data center.
- Physical Security Controls are as Important as Cyber Security Controls
Prevent access or use of business computers by unauthorized individuals. Designate a room as a “server room” that can house company servers and other important networking equipment that can be locked along with an inexpensive security camera system. Alternatively, evaluate the practical use of a data center to provide security controls such as biometrics, 24×7 monitoring, multi-factor authentication, locking cabinets and natural disaster resistant building construction.
- Consider Mobile Devices and Their Impact On Your Network
In today’s business environment, mobile devices create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Discourage or disable the ability to use public networks. Establish reporting procedures for lost or stolen equipment.