- Do Your Research
In order to keep your systems secure, it’s vital to know what’s out there. With new security risks being uncovered at an alarming rate, businesses need to be aware of any vulnerabilities in their systems, as well as how to protect business-critical systems from these security threats in the first place. Staying on top of the latest security news is fundamental. This can range from following IT security-based Twitter accounts to subscribing to security service providers' mailing lists so you can receive regular updates. You don’t have to be an expert, but keeping up to date with IT security news will greatly help the business with its day-to-day security.
- Make a Security Policy
It’s imperative that security policies are created and implemented within the organisation, ready for the event that a security risk is identified. These security protocols should be sophisticated enough to cover a vast array of potential outcomes, yet simple enough to pass on to employees without confusion or misunderstanding. Proactively planning for any potential security breaches will help to shorten the time between break and fix, as a plan is already in place outlining how the problem should be dealt with.
- Keep Security Software Updated
Software updates and patches can be time-consuming and are often thought of as a nuisance to daily operations, but they are critical to your organisation's cyber security. Updates are there for a reason: they are created to remove any security flaws or vulnerabilities and make general security improvements, which makes it crucial that they are not neglected.
Security software such as firewall and antivirus software will need to be updated regularly. It is best to mark subscription renewal dates in your calendar so you can ensure your systems remain as secure as possible. Reputable managed service providers can also provide these services for you, dealing with all renewals and subscriptions moving forward.
- Train Your Employees
Employees are one of the biggest security risks to a company, so taking the time to train them in company security policies is of the utmost importance to the welfare of the business. A system is only as secure as its weakest link: it just takes one person going against security policies to give any attackers the time they need to infiltrate and corrupt business IT systems.
All humans are capable of making mistakes, but employees must contribute to keeping the company safe. It’s vital to train staff on how to deal with these mishaps so any disruption can be mitigated. If employees have any concerns about security, such as suspicious emails or any unusual activity, they should notify their administrator as soon as possible. Staff should physically unplug their computer from the network if they believe they have breached the organisation's security, followed quickly by informing the correct person of the potential breach.
- Strengthen and Update Your Passwords
With authentication hacking becoming stronger by the minute, having easy passwords (such as the predictable and highly unimaginative “password”) just doesn’t cut it anymore. Passwords should never include personal information which someone could easily research on the internet or social media, such as your birthday or your pet's name. They should be unique and strong, and should be different for every website or program you use them for, without any exceptions. This means that should the worst happen and one of your passwords gets leaked, you are not compromising the security of every single password-protected program or website you use.
One of the most important rules with regards to passwords is to never share them with others. This includes writing them down somewhere where they could be easily accessible (such as on a post-it note on your desk), or placing them in a file which can be accessed through your organisation's network. Every time you leave your desk you need to ensure you have logged out of any applications which are password-protected, or log out of your computer entirely to mitigate overall risk.
- Back Up Everything
It is critical that you have a functional back-up solution in place within the organisation. You must back up everything: files, customer information, websites and all business-related data. Doing daily back-ups will help restore operations as quickly as possible, reducing recovery time and saving the organisation money. The back-up solutions running on your systems need to be tested regularly to ensure they are working efficiently, and you need to make this testing an ongoing part of your routine.
If attackers encrypt your back-ups then you will be forced to pay the ransom. In addition to performing back-ups you need to ensure that these back-ups are taken off-site. This means that they are not accessible through the network, so will not be corrupted if ransomware does find its way into your systems.