Advancements in technology have made things easier for businesses, but as modern companies put more and more of their infrastructure online, their attack surface grows with it. Business data, personal employee information and proprietary customer specifications can be stolen, altered or destroyed. In this blog, we’ll share sound practices that companies should follow to reduce those risks.
Implement Digital Security Practices in Remote and Onsite Offices
The human side of digital security is a critical step in keeping information safe. Educate all employees about the risks involved in using social media, email and the internet. Train new employees and remind current workers of the following practices.
- Require strong, unique passwords. Consecutive numbers or personal information should never be part of a password. We recommend a passphrase or sentence whose words aren’t easily guessed or commonly thought of as “going together”. Employees should use a different password for every application and service. We often hear that employees reuse passwords because they don’t trust themselves to remember many of them; the solution is one of the many reliable password managers, which generate, store and keep track of passwords for them.
- Verify the sender’s address before opening attachments or clicking a link. A large share of attacks begin with a malicious email. Avoid clicking links in email where you can; if you have a bookmark or can type the URL into your browser, that is safer. Always check that the display name (the “friendly from”) matches the actual email address: the display name is chosen freely by the sender and proves nothing on its own. We often see scammers send mail that appears to come from a known company, like Apple, but when you look at the address itself the root domain is not Apple’s. It might look something like Support@support.applesupportserviceco.com. Here the root domain is applesupportserviceco.com, not apple.com; the “support.” subdomain and the word “apple” in the name are there only to make the address look like Apple’s.
- Keep software up to date. Outdated software leaves the company exposed to known, already-published vulnerabilities, and applying patches promptly is the most effective single defense against them. Accept updates when your computer prompts you and, where possible, enable auto-updates so your systems never miss one.
- Back up data every night to a separate server to reduce the risk of data loss from a cyber-attack. Attackers use ransomware to encrypt data and then demand a ransom for the decryption key; ransomware will also encrypt any backup it can reach, so keep at least one copy offline or immutable and test restores periodically. If you have completed an RTO & RPO assessment then you know how often your company needs to back up so that a successful attack does not cripple the business. We have an RTO & RPO calculator that you can use to determine what is acceptable for you.
- Scan devices and networks frequently with a vulnerability scanner to find unpatched or misconfigured systems, and use endpoint protection and log monitoring to detect infections and intrusions by bad actors. All too often we see companies put safeguards in place and then send their IT teams on to other projects, without carving out time each day to monitor those safeguards and review scan results. A proactive approach is vital for a healthy IT platform.
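The email check described above (display name versus the real sender domain) can be automated for a mail gateway or a quick triage script. The Python below is an added example written for this page, not code from the original post or from iuvo Technologies. The sample From headers are constructed for the demo, and the brand-to-domain allowlist is a hypothetical table an organisation would maintain itself. Note that the From header is trivially forgeable; this catches the lookalike-domain pattern the post describes, while SPF, DKIM and DMARC are what actually verify that the sending domain authorised the message.

```python
import re
from email.utils import parseaddr

# Constructed sample From headers for the demo (not taken from the original post).
SAMPLE_HEADERS = [
    "Apple Support <support@apple.com>",
    "Apple <noreply@email.apple.com>",
    "Apple Support <Support@support.applesupportserviceco.com>",
    "Apple Support <support@apple.com.evil-example.net>",
    "Apple Support <support@appIe.com>",  # capital I in place of lowercase l
]

# Hypothetical allowlist: brand name -> root domains that brand really sends from.
# An organisation would maintain this for the vendors it deals with.
KNOWN_BRAND_DOMAINS = {
    "apple": {"apple.com"},
}


def root_domain(addr):
    """Return the root (registrable) domain of an email address, lower-cased.

    Simplification: takes the last two labels, so multi-label public suffixes
    such as co.uk are not handled; a public-suffix list would fix that.
    """
    domain = addr.rpartition("@")[2].strip().lower()
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def check_from_header(header):
    """Compare the display name's claimed brand with the real address.

    Returns (verdict, reason) where verdict is 'ok', 'suspicious' or 'unknown'.
    """
    display_name, addr = parseaddr(header)
    if "@" not in addr:
        return ("suspicious", "no parsable address in From header")
    root = root_domain(addr)
    claimed = display_name.lower()
    for brand, domains in KNOWN_BRAND_DOMAINS.items():
        # Whole-word match so that 'pineapple' does not count as 'apple'.
        if re.search(r"\b" + re.escape(brand) + r"\b", claimed):
            if root in domains:
                return ("ok", f"display name claims {brand}; root domain {root} matches")
            return ("suspicious", f"display name claims {brand}, but root domain is {root}")
    return ("unknown", f"display name claims no known brand; root domain is {root}")


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        verdict, reason = check_from_header(h)
        print(f"{verdict:10} {h}\n           {reason}")
```

The two lookalikes in the sample (a long registered domain with "apple" inside it, and a genuine "apple.com" label buried as a subdomain of someone else's domain) are both caught because the comparison is made on the root domain, not on whether the string "apple.com" appears anywhere in the address.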
Work with an IT Consultant to Ensure Comprehensive Safety Measures
Even if your employees are mindful of safe digital practices, an effective cybersecurity program requires expert analysis of the entire information system. This is especially true if you have your own IT team: as mentioned above, internal teams are often overloaded and unable to be proactive. Working with a consultant periodically provides a fresh set of eyes to review your IT systems, protocols and procedures for gaps or areas for improvement. Elements of the analysis include the following considerations:
- Network security - The network must be protected from unauthorized users and would-be attackers, and actively monitored for them. This is especially important in our current environment, where many users are working from outside the company’s normal office network.
- Data security - Within each network and application is your business’ critical data, which must be protected with layers of security. Without data security, customer information and company data can be compromised. In addition, many businesses must ensure their security controls hold up to industry audits and regulations. If your IT consultant isn’t familiar with audits, ePHI (electronic protected health information), HIPAA, PII or BAAs (business associate agreements), you should not feel comfortable that they have the knowledge your company needs to keep its data secure.
- Application security - Applications must be patched promptly and tested regularly to make sure they are secure against attackers.
- Identity management - Deploy layers of security (geographic and other conditional access policies, multifactor authentication, etc.) to ensure that your users are the only ones using their accounts, then apply the principle of least privilege to minimize the impact if an account is compromised. We often see companies where many people have admin access because it is quicker and easier to assign those permissions, but it leads to big trouble down the road: one phished admin account then hands an attacker the whole environment.
- Cloud security - Since many companies use the cloud to store information, that data must also be protected against attacks. Cloud storage can be public, private or a hybrid, each having a purpose and “best fit” for certain data. With cloud data, a single misconfiguration can expose all of your private data to the entire internet, so it is important that your IT consultant understands the architecture behind your cloud solution in order to keep it secure.
- Endpoint security - Many companies allow remote access, especially during the current pandemic. This can present a weak point for maintaining security. Endpoint security should be integrated with your access policies to protect the business network from end user devices that do not meet security standards.
- Mobile security - Even tablets and cell phones can present security challenges that need to be addressed. Whether you provide these devices to your employees or they use their own to connect to company data, an IT consultant can implement security best practices on these devices.
- Disaster recovery and business continuity - If a security breach or some type of natural disaster occurs, data must remain protected and accessible so that business operations can continue. An IT consultant is equipped to help you design a plan to keep the business running smoothly.
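As an added illustration of the “simple mistake” mentioned under cloud security above (example code written for this page, not from the original post or from iuvo Technologies), the Python below checks an object-storage bucket policy for statements that grant access to anyone on the internet, and shows the same policy scoped to one role. AWS S3 bucket-policy JSON is assumed as the format; the bucket name, account ID and role name are made up.

```python
import json

# Constructed sample policies (not from the original post).
# The first one is the classic mistake: Principal "*" with no Condition means
# every anonymous caller on the internet can read every object in the bucket.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowEveryoneRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::customer-exports/*",
    }],
})

# The corrected form: the same read access, but only for one named IAM role
# (hypothetical account ID and role name).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowOnlyReportingRole",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/reporting"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::customer-exports/*",
    }],
})


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_public_principal(principal):
    """True if the Principal element matches anyone, including anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws is not None and "*" in _as_list(aws)
    return False


def public_statements(policy_json):
    """Return the Sids of Allow statements that any caller on the internet can use.

    Statements that carry a Condition (for example restricting to a VPC endpoint
    or an organisation ID) are skipped here: they narrow "*" and need a human
    review rather than an automatic 'public' verdict.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_public_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


if __name__ == "__main__":
    for name, policy in (("PUBLIC_POLICY", PUBLIC_POLICY), ("SCOPED_POLICY", SCOPED_POLICY)):
        print(name, "-> public statements:", public_statements(policy) or "none")
```

This is a deliberately small heuristic for a review checklist; in an AWS account the same question is answered authoritatively by S3 Block Public Access and IAM Access Analyzer, and the equivalent controls exist on other providers. The point the page makes stands either way: the difference between a private bucket and one readable by the whole internet is a single line of configuration.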
The most difficult challenge in maintaining a sound digital security system is the constantly changing nature of the risks. In the past, most companies aimed their security efforts at protecting only the components that were most critical to the information system, such as access to the network itself. Unfortunately, as cyber threats and hackers become more sophisticated, the risks to organizations keep changing. This makes it difficult for a company to stay on top of issues without the continual monitoring that an IT expert can provide.
Contact us today to see how iuvo Technologies can help.