Cyber Security Guidelines
Implement Cyber Security
Cyber crime is becoming a real epidemic. Ransomware and data breaches are in the news daily. Ransomware payments in 2021 far exceeded 2020 and will continue to grow. Cyber criminals make the targeted business pay a ransom to either get back their data or avoid further business disruption. Committing Identity Theft is also a goal for these criminals.
Small businesses sometimes feel safe knowing their smaller size will discourage cyber criminals from targeting them. Unfortunately the data shows otherwise. The U.S. Congressional Small Business Committee found that 71 percent of cyber-attacks happened at businesses with less than 100 employees. 50% of small business had a cyber security incident in the past year. Small businesses are usually less secure due to lack of time, budget and knowledge of cyber security implementation and policy. Unfortunately this can make small businesses an easy target.
Cyber Security Tips
-
Perform a Risk Assessment
Knowing the value of what you are protecting will help in justifying security expenditures. -
Create a Security Policy
Create a policy that clearly outlines company rules, job duties, and expectations. -
Physical Security Measures
Restrict access to networking closets, server locations, and other critical infrastructure. -
Human Resource Security Measures
Vet employees by checking references and conducting background checks. -
Perform and Test Backups
Perform regular backups of data. Test data recovery for maximum effectiveness. -
Maintain Security Patches and Updates
Regularly update server, client, and network device operating systems and programs. -
Employ Access Controls
Configure user roles and privilege levels as well as strong user authentication. In addition to corporate policy credential policy, consider 2 factor authentication. -
Regularly Test Cyber Incident Response
Create an incident response plan and test emergency response scenarios. Having a response plan laid out ahead of time will greatly reduce any vulnerabilities, limit the damage of a breach, and allow effective remediation. -
Implement a Network Monitoring and Management Tool
Choose a security monitoring solution that is easy use and integrates with other technologies. -
Implement Network Security Devices
Use next generation security devices both premise and cloud based that in addition to firewall protection provide, IPS (Intrusion Prevention System), deep packet inspection including SSL (Secure Socket Layer) inspection, Identity awareness, Sandboxing, URL Filtering, and DNS Security. -
Implement a Comprehensive Endpoint Security Solution
Enterprise level anti-malware and antivirus software are effective and cost efficient. -
Educate Users
Educate users and employees in secure procedures. Awareness of Social Engineering tactics used to gain login information and access to confidential data is a great first line of defense. -
Encrypt data
Encrypt all sensitive company data including email, remote users data through VPN (Virtual Private Network), PKI (Public Key Infrastructure) and certificate management where deemed useful. At a user level this can include encrypting hard drives particularly for laptop users. -
Maintain Compliance
Regulations like HIPAA, PCI DSS and ISO offer effective guidelines for developing security standards.