Everyone wishes their organization could be more secure. With the number of hackers, Insider Threats and other threats to your cyber security out there, you can always find a new security practice to enact.
It takes only one look on the current state to understand why many companies are so concerned with IT security. Constant reports on hacking attacks, denial of service attacks, ransomware and leaks by malicious insiders reflect the amount of cyber security threats that organizations are facing every-day.
However, the number of successful high profile attacks and data breaches are also indicative of the security weaknesses that many companies and organizations have. It is no wonder that in our age of quickly evolving threats and ever changing compliance regulations, companies struggle to keep their data protected at all times. Information security is all about hard work and persistency – you need to make sure that your security has a solid foundation, but also adapt to new challenges well.
Organizations take great pains to use technology to defend against outside attacks, they work hard to spot and stop the malicious insider who is willfully trying to do ill to systems. However, most organizations fall short in equipping their workers with best practices to make them part of the solution to information security.
Here are some of the best practices to help protect your organization with techniques and technologies you likely already have in place.
Back up your Data Now!
Within the last few years, data loss has become a huge issue because of the rise of ransomware, a dangerous malware capable of encrypting a user’s data so that the data cannot be recovered unless a “ransom” is paid to the attacker.
Additionally, Due to hardware failure, virus infection, or other causes you may find yourself in a situation where information stored on the device you use is not accessible.
An external hard drive is an easy-to-use, cost effective option limited only by the amount of data it can store. An external hard drive plugs into your computer so that you copy over any important files that you want to back up directly to the hard drive.
The cloud is a more recent method of backing up data that is free for a limited amount of data. Popular cloud software includes Google Drive and Dropbox.
Keep up-to-date with software upgrades & patches
Understand that if you don’t keep up to date on your system patches and upgrades, you leave yourself wide open for the most basic of hacks. If you never update, your vulnerabilities are exponentially increased.
A software vulnerability is usually a security hole or weakness found in an operating system or software program. Hackers exploit this weakness by writing code to target a specific vulnerability, which is packaged into malware.
Software updates & patches perform a myriad of tasks. They are available for both your operating system and individual software programs. Performing these updates will deliver a multitude of revisions to your computer, such as adding new features, removing outdated features, updating drivers, delivering bug fixes, and most importantly, fixing security holes that have been discovered.
Make it a Habit! Change Passwords Periodically.
Memorized passwords are by far the most common method of authentication used. Organizations should adopt a password policy suited to their particular security needs and the attacks to which the password may be subject. Longer passwords using a wider range of characters are computationally more complex and are therefore less subject to guessing or dictionary attacks. They are therefore considered more secure, but complex passwords are more difficult for humans to remember.
Passwords that are too short are insecure, too long and users start writing them down on notepads which are eventually lost or stolen, defeating the purpose of the password. Passwords should be altered periodically. This alteration will reduce the useful life of any copied or stolen password but if done too often will cause users to either simplify their passwords or write them down.
Organizations should realize that a compromised password will be misused within hours if not minutes. Forcing users to renew their passwords on even a daily basis will not prevent this. The renewal period should therefore be based on the password’s susceptibility to attack or theft and the importance of the authentication for which it is used. All new passwords should be checked against lists of commonly used passwords. Many such wordlists are available commercially. A good list will contain hundreds of millions of words.
Educate and Train Your Users
Security awareness should be part of your business’ DNA, and practiced both top-down and bottom-up. No matter how skilled they are, your users will always be the weakest link when it comes to securing your most valuable information.
But the good news is, security teams can limit this risk through regular training and education pertinent to the organization’s cyber security policies. This training should include how to recognize a phishing email, a vishing scam, how to create heavy-duty passwords, how to avoid dangerous applications, how to take information out of the company in a secure fashion, and other germane user security risks.
Getting on the Right footing matters
Businesses can’t afford to take chances with security. No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. A security program provides the framework for keeping your company at a desired security level by assessing the risks you face, deciding how you will mitigate them, and planning for how you keep the program and your security practices up to date.
Following the best practices path helps you maintain your focus on IT security. It helps you identify and stay in compliance with the regulations that affect how you manage your data. And, of course, it’s the right thing to do because protecting your data’s security is the same as protecting your most important asset.
