- End User Education – This is HUGE! If you have employees who don’t know what a phishing email is and will click on every link and attachment in their inbox…you have a problem! Employee training and awareness are crucial to your company’s safety. It doesn’t matter if you employ 10 people or 10,000 – your data is still valuable to someone out there and at risk. It’s suggested that all new employees go through an IT security training and every employee receive annual training. The first line of defense is a well-informed team!
- Patching/Updating – An unpatched machine is more likely to have software vulnerabilities that can be exploited. Some antivirus programs update on what seems like a daily basis. Be sure that your software and hardware defenses stay up to date and if you turn off automatic updating, set up a regular scan for your systems. Update your third-party programs when prompted to, and if programs don't remind you, manually check for updates from time to time. True, these updates often include new features you may or may not care about, but they often deliver critical security patches behind the scenes as well.
- Encryption – Can NOT stress this enough…do not make it easy for the hackers! Stored data, file systems, and across-the-wire transfers all need to be encrypted. Encryption is essential to protecting sensitive data and to help prevent data loss due to theft or equipment loss. Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting. If you pass a large amount of your communications and personal information across the Internet, you should protect yourself from unauthorized persons getting access to this data.
- Backups – A cyber-attack could come in the form of changing or erasing your important data/files. In order to assure you have access, regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud. Regardless of how small or large your business may be, data is an integral part of running it and what is more important is how you protect and store this data in a secure way so as to avoid any mishaps.
- Limit Access – Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission. If employees don’t have to use personal information as part of their job, there’s no need for them to have access to it. Administrative access, which allows a user to make system-wide changes to your system, should be limited to the employees tasked to do that job.
- Firewall – Always, always, always use a firewall! The use of firewalls is to contain communication to within a specified network and to disallow communication with other networks not related to the business. Firewalls should be activated for all computers in your business. If employees work from home, ensure that their home systems are protected by a firewall. This really will increase the security levels of your company to limit any unauthorized access coming from outside your network.
I am a person who cares about people, and technology, and technological people!