So, security threats are on the rise. Ransomware is ravaging networks. The security threat is genuine enough. Every few weeks there seems to be another large-scale data breach, and these are only the ones big enough to make headlines. Studies show government and healthcare are particular targets for cybercrime.
What can we do to keep our businesses safe? Most of us are too caught up in running the day-to-day of our companies to give this issue its due attention.
Here’s a quick checklist and a way to expand your thinking about business security. In thinking about securing our data, we tend to keep focus narrowly on technology solutions. What solution works best? Well, let’s buy that. But we need to expand our thinking a little. In considering business security, we need to take into account all three of the following:
- Business Security
- Employee Security
- IT Security
Business Security
This means an accessible, functioning, and tested Business Continuity and Disaster Recovery (BCDR) plan. Let’s say your business gets hit with Ransomware. You may have to take the hit for a day or two, depending on the Recovery Time Objective (RTO) in your DR plan, but at least you’ll be back up and running. Cloud backups with continuous replication might be the way to go. If you’re not big enough for that to make sense, an onsite backup solution might be the better fit. But please, get a solution in place, make sure it’s tested, and understand your RTO and your RPO (Recovery Point Objective). Do you need a backup once a week or every 24 hours? How long can you accept being down? The answers will determine the solution you need.
Employee Security
This is the most overlooked component in cybersecurity. Are your employees trained on best practices for both email and internet use (see below for our best practices)? Do you have policies in place for governance and usage? Do you have white or black lists for internet sites? Do you have BYOD policies? Is there single sign-on access to critical applications and data? Employees need to be trained on what to do and what not to do, either during onboarding or during an all-staff meeting, with that training documented. This critical step is often missed because common sense used to suggest not opening attachments from exotic-sounding email addresses with frequent typos, but phishing emails have gotten a lot more sophisticated, and employee awareness training is vital.
IT Security
While a security audit may be required to give you the best possible protection, there are some ground rules. Besides the overall BCDR plan and the common Anti-Virus/Anti-Malware solutions, two key IT security solutions to help protect your business are Mobile Device Management (MDM) and Web Filtering. Both of these solutions are fairly inexpensive and can end up saving you tens of thousands if your network would otherwise be down for several days. An even more advanced solution providing additional network security that can pay huge dividends is network segmentation. Segmenting your network by department, say, can mean that if one part of the network falls victim to cybercrime, the others are still perfectly safe.
Attending to these three components of cybersecurity will greatly lower your risk of infection and the losses that follow.
Resources:
Click here for our Cybersecurity Best Practices Sheet.
Click here to download our 2016 Security White Paper.