It’s a fact of life: if you have anything of value, unscrupulous people will try to take it from you. Unfortunately, in today’s world, locking the door and setting the alarm will not protect your business. Securing your assets requires that you build a cyber security fortress around your business. What follows is a comprehensive list of all of the components of cyber security that you must address. It’s important to mention that you must do all of these things because cyber criminals are very good at looking for, finding, and exploiting any openings that you leave available to them.
Provide Cyber Security Training for Your Employees
Cyber criminals do all sorts of unscrupulous things to trick your employees into giving away the keys to the castle. All employees should be trained periodically to help them become aware of the tricks and techniques that cyber criminals use to gain access to your business.
Apply Security Patches
All devices that are connected to your network consist of both hardware and software. The software contains many lines of code that are used to give instructions to the device. Hackers look for ways to modify this code to alter these instructions. Patching is the process of updating software in a way that improves the functionality of the device or fixes problems in the code that could be exploited by cyber criminals.
Monitor Privileged Users
Privileged users are people that you know and trust. This category of users includes outside accountants, programmers, IT consultants, and other vendors that need access to your systems. Because of the work they do and the fact that you trust them, they are often given high-level rights to your network. This puts them in a position to do great harm to your business. It’s important that you monitor what they are doing and manage their access carefully.
Run the Latest Version of Your Application Software
Today’s software consists of millions of lines of code. Lurking within this vast amount of information are security holes that can be exploited for malicious purposes. As these vulnerabilities are identified, the software publishers modify their code to close holes. Older versions of software that are no longer supported are prime targets for hackers because the manufacturer is no longer fixing these holes. So all they have to do is find the application, and they have an easy way into your network.
Only Run Operating Systems That are Still Being Supported
An operating system is software that runs your servers, desktops and mobile devices. This software controls the functionality and features that are available to you. All manufacturers release new versions of their operating systems from time to time. They also “end of life” older operating systems, which means those systems will no longer be supported or updated. It’s critical that you only run a supported operating system on all of your devices.
Actively Manage Passwords
Passwords are perhaps the most common way unauthorized people gain access to your systems. It’s critical that you have a password policy that forces end users to use strong passwords and reset them periodically. It’s also important that you train your employees not to share their passwords with anyone, including in response to requests from IT support people.
Manage Your Mobile Devices
Mobile devices, including laptops, tablets, and smart phones, are becoming increasingly popular. What makes securing them difficult is that some are company owned and others are owned by the employee. Loss, theft, misuse, or even inadvertently logging on to a bogus public wireless hotspot could lead to security breaches or compliance violations. To mitigate your risk, you should implement a mobile device management system and train your employees on the risks and responsibilities that come along with mobile devices.
Have a Reliable Full-Featured Off-Site Backup
Backups are important for many reasons. From a security standpoint, they become particularly useful to restore servers and workstations to a state before they were infected with a virus or, worse yet, ransomware. Not all backups are created equal and this is not a place to choose the least expensive option. You get what you pay for. The quality of your backup can make the difference between your business surviving or going out of business.
Encrypt Your Data & Communications
Encryption is the process of making your data impossible to decipher unless you have a key that allows you to read it. Encrypted data is useless to cyber criminals. Whenever your data is being stored or transmitted it should be encrypted. Encryption is important because even if a cyber criminal gets a hold of one of your devices or into your network, the encrypted information will effectively hide your information from them.
Have a Cyber Security Policy in Place
A Cyber Security Policy contains a set of guidelines that must be followed by any person that is accessing your system. The guidelines cover what privileges the users have, what is considered acceptable use, and directions on how to be a responsible end-user.
Don’t Overlook Your Printers
A printer that is attached to your network can provide a gateway for cyber criminals to exploit. The configuration menu on older printers was designed to make it easy to connect the printer but did little in the way of security. Modern printers have strong security features; however, they must be set up properly and the firmware must be kept up to date. It’s also a good idea to use encryption for print jobs and be mindful of the information that is exposed by print jobs as they exit the printer.
Implement a Data Governance Process
Data governance starts with understanding what data you have, why you have it, where it is located, and how you use it. The goal of data governance is to create policies and procedures that manage the information throughout its life cycle. Tasks that must be addressed include: data retention, restricting employee access, determining how data is accessed or shared by third parties, destruction of hard drives, tapes, thumb drives, and paper records.
Manage Your Applications
It’s important that you are aware of all of the applications that are in use on your network and in the cloud. When end-users download and install applications on their own, they may be creating security or compliance issues inadvertently. Application control will give you complete visibility and will allow you to eliminate rogue applications and data breaches.
Manage Cloud Storage
Cloud storage is inexpensive and it makes it easy to access files from remote locations. By its very nature, your data is being stored by a third party. It’s important that you understand what services are being used, why they are being used, and make sure that you have full control and visibility of your data.
Properly Configure & Maintain Your Firewall
Your firewall is a device that controls the flow of information in and out of your network. When it’s properly configured this will stop the bad guys from getting in while allowing your employees and vendors to do their jobs seamlessly.
Institute Two-Factor Authentication
Typical account logins require only a user ID and password. With two-factor authentication, another step is required before you can log in. The additional step may involve a biometric like a fingerprint or eye scan, or it might require you to be in possession of a device like a cell phone or a security token.
Run & Maintain Anti-Virus / Anti-Malware Software
Viruses and malware can be detected and prevented from entering your systems by using anti-virus / anti-malware software. This software must be kept up to date and installed on all of the devices throughout your network. It’s important to know that this software is only effective on known viruses/malware. It will not stop new threats until the software is updated to handle them.
Restrict Physical Access to Your Systems and Information
Physical security involves creating barriers that get in the way of potential attackers. Start with making sure your servers are in a room with restricted access and make sure you store all magnetic media in a secure area. It’s also important that all employees lock their system if they are leaving it unattended, even for just a few minutes.
Don’t Forget About the Internet of Things (IoT)
Connected devices are becoming more prevalent in the modern office. These devices include light bulbs, door access controls, security cameras, environmental sensors, thermostats, and a host of other devices. What makes these devices potentially dangerous is that they connect to your network. You must be aware of all of these devices, evaluate how they could be exploited, and take steps to mitigate your risk.
Make Sure Your Network is Properly Designed
A well-designed network builds an electronic perimeter around your information. Proper network design makes it much more difficult for outsiders to access your systems. All of your switches, routers, and firewalls must be configured to work together in a way that offers maximum protection for your business.
Get a Cyber Insurance Policy
Despite your best efforts, there is always a chance that you will become a victim of a cyber-attack. Many insurance companies offer privacy and data security liability insurance. These policies are designed to address the financial implications of a security breach. Make sure you have a cyber insurance policy in place.