As we move into a Financial New Year, it’s a good time to review your IT security policies to ensure your data is adequately protected. Our in-house experts provide their top suggestions on ways organisations’ can minimise security risk.
- Back up your data regularly, and make sure your anti-virus software is up to date
There are several ways to back up your data, such as using an external (USB) hard drive, cloud based service or a local server. Backups should always be password protected and if your data is sensitive, then encryption should also be considered. If you are a victim of a security incident, the quickest way to get your data back is to erase and re-install the system. - Patch workstation operating systems regularly
Whenever a vulnerability is identified on an operating system or application, vendors will release a fix to ensure the identified fault cannot be used in an attack. For this reason, it is imperative that any fixes are regularly applied to the workstation. Not allowing the patch to be applied exposes the individual endpoint to known threats and every other endpoint connected to the network as well. Don’t let your endpoint be the weakest link in the cyber security chain. - Conduct regular Employee Training and Security Seminars
It’s a business cliché that staff are a company’s greatest asset and potentially its greatest risk. Employees are the first line of defence against cyber-attack, and also the most glaring vulnerability. Have a documented remediation plan in place and update or review frequently. Train your staff about the different types of cyber-attacks and communicate step-by-step instructions about what to do before there’s a problem. - Dispose of your IT assets and IP safely
When disposing of unwanted equipment there is a significant risk that important data may fall into the wrong hands. Merely deleting information is insufficient – magnetic, optical and solid-state media may retain recoverable data that could put your intellectual property at risk. Do your due diligence and look into a certified vendor with a strong track record to securely remove sensitive data files from your system - Have an effective and efficient disaster recovery plan in place
Business continuity is essential particularly when it comes to security. Issues occur when companies restore a backup to recover from a malware attack only to find out that the backup was also infected. Other issues include not knowing which date to restore to or going to an old date and then incrementing the backup which can take days.
How to sell business continuity to your C-Suite - Prepare for when disaster strikes
Cyber security incidents can have business continuity implications and impacts that extend far beyond IT. Speak to a Disaster Recovery service provider to see how they can keep your business running in an unexpected event. Here are key questions you should ask your Disaster Recovery provider. - Protect your data using the principle of lease privilege
Teaching your employees to create smarter passwords is just the beginning. It’s even more important to limit non-essential access to data. When an attacker swipes login credentials, but the person’s credentials can’t access valuable data, you’ve already thwarted a breach. Implement detailed policies that tie data access to positions within departments and roles within inter-departmental projects. Also, create strong policies around personal mobile device usage, USB drives, and remote access to your corporate network. Finally, periodically review user access to ensure that their current level of access aligns to their current role. - Ensure your IoT devices are secured
Real-time, highly reliable monitoring provides peace of mind that your services are operating as intended. An offline device may indicate local tampering is taking place, or a broader issue like a power or internet outage has occurred. It is essential that your devices have the appropriate monitoring solutions.
Interactive’s biggest advice is ensuring you have the basics in place so you have much more than a fighting chance if the inevitable incident does unfold.
