Whether you keep your data in the cloud or stored locally, every business needs an updated checklist to ensure best practices in security.
Many organizations can reduce risk without spending an exorbitant amount of money on automated and other third-party resources. All it takes is investment in time with the managers, directors, and owners to meet and agree on the action plan.
The best value a cybersecurity service provider offers comes in the initial assessment and report on your business. This begins with a full inventory of assets (e.g. data, devices, applications, and users), an evaluation of outside risk factors (e.g. theft, phishing, ransomware), an estimate of how likely each known threat is to affect each asset, and an action plan to address the findings.
Here is your checklist to get started on a safer work environment!
Run system updates on all servers, workstations, tablets, and phones. Set updates to automatic and coordinate with your workforce to check status regularly.
Change the default passwords on all network devices: routers, wireless access points, managed switches, security cameras, and desk phones. While you are logged in to each device, check for firmware updates, too.
Enable multifactor authentication (MFA) on all email accounts.
Update passwords on email, domain, and any proprietary software (cloud or local) to a minimum of 12 to 16 characters in length.
Do not use the browser-based password keepers built into Chrome, Safari, Edge, or Firefox. Use a notebook and keep it in a secure place. Paid password managers such as LastPass or 1Password are fine for enterprise environments, but the master password must be safeguarded by ownership.
Check permission levels on user accounts to apply the principle of least privilege. This means that very few people in your organization (often just one or two) have administrative rights to company software. Give users only the access they need to complete their job tasks.
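The first step in trimming administrative rights is knowing who has them today. The script below is an added example (not part of the original checklist) that audits a Linux host's local accounts: it parses /etc/passwd and /etc/group style text and reports every account that is effectively an administrator, whether through UID 0, a primary group that is an admin group, or supplementary membership in one. The two sample files and the set of groups treated as administrative (ADMIN_GROUPS) are constructed for the example; adjust the set to your distribution.

```python
"""Least-privilege audit of a Linux host's local accounts (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumption for this example: membership in any of these groups confers admin rights.
ADMIN_GROUPS = {"root", "sudo", "wheel", "admin"}

# Constructed sample standing in for /etc/passwd. 'backdoor' is a second
# UID-0 account, exactly the kind of thing this audit exists to surface.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
backdoor:x:0:0:legacy admin:/home/backdoor:/bin/bash
"""

# Constructed sample standing in for /etc/group.
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,bob
wheel:x:10:
admin:x:4:bob
users:x:100:alice,bob,carol
"""


@dataclass
class Account:
    name: str
    uid: int
    gid: int
    shell: str
    groups: set[str] = field(default_factory=set)

    def admin_reasons(self) -> list[str]:
        """Why this account counts as privileged; empty list if it does not."""
        reasons = ["uid 0"] if self.uid == 0 else []
        reasons += [f"member of {g}" for g in sorted(self.groups & ADMIN_GROUPS)]
        return reasons


def parse_passwd(text: str) -> dict[str, Account]:
    accounts: dict[str, Account] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, _home, shell = line.split(":")
        accounts[name] = Account(name, int(uid), int(gid), shell)
    return accounts


def parse_group(text: str) -> tuple[dict[int, str], dict[str, set[str]]]:
    """Return (gid -> group name, group name -> supplementary members)."""
    gid_to_name: dict[int, str] = {}
    members: dict[str, set[str]] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, users = line.split(":")
        gid_to_name[int(gid)] = name
        members[name] = {u for u in users.split(",") if u}
    return gid_to_name, members


def audit(passwd_text: str, group_text: str) -> dict[str, list[str]]:
    """Map each privileged account name to the reasons it is privileged."""
    accounts = parse_passwd(passwd_text)
    gid_to_name, members = parse_group(group_text)
    for acct in accounts.values():
        # The primary group lives only in passwd; it never appears in the
        # member list of /etc/group, so a pure group-file scan would miss it.
        if acct.gid in gid_to_name:
            acct.groups.add(gid_to_name[acct.gid])
        for group, users in members.items():
            if acct.name in users:
                acct.groups.add(group)
    privileged = sorted(accounts.values(), key=lambda a: a.name)
    return {a.name: a.admin_reasons() for a in privileged if a.admin_reasons()}


def extra_uid0(passwd_text: str) -> list[str]:
    """Accounts other than root that share UID 0: always worth a question."""
    return sorted(a.name for a in parse_passwd(passwd_text).values()
                  if a.uid == 0 and a.name != "root")


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{name:10} {', '.join(reasons)}")
    print("unexpected UID-0 accounts:", extra_uid0(SAMPLE_PASSWD))
```

On a real host, feed it the contents of /etc/passwd and /etc/group instead of the samples. The report is a starting point, not the whole picture: sudoers rules, directory-service groups, and cloud IAM roles are separate sources of administrative rights and need their own review.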
Get a paid subscription to reputable endpoint security software. Formerly known as antivirus software, endpoint protection adds further layers of security and can usually be centrally managed.
Turn on disk encryption everywhere possible.
Back up your data. The 3-2-1 rule is to keep three copies of your data, on two different kinds of media, with at least one copy offsite. (Sync services such as Dropbox, OneDrive, and Google Drive do not count: a deleted or ransomware-encrypted file is synced to them just as faithfully as a good one.)
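A backup that has never been checked is a hope, not a backup. The script below is an added example (not part of the original checklist) showing the check a practitioner would run before trusting a copy: it builds a SHA-256 manifest of every file under the source and under the backup, then reports what the backup is missing, what it got wrong, and what it carries that the source no longer has. The directories and files are constructed in a temporary location so the example runs offline; on a real system you would point it at the live data and at the offsite copy.

```python
"""Verify a backup copy against its source with a SHA-256 manifest (added example)."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_manifests(source: dict[str, str], backup: dict[str, str]) -> dict[str, list[str]]:
    """Classify every path by what it means for a restore."""
    return {
        "missing": sorted(set(source) - set(backup)),          # never copied
        "changed": sorted(p for p in source                     # copied, but content differs
                          if p in backup and source[p] != backup[p]),
        "extra": sorted(set(backup) - set(source)),             # stale in the backup
        "ok": sorted(p for p in source if backup.get(p) == source[p]),
    }


def verify_backup(source_dir: Path, backup_dir: Path) -> dict[str, list[str]]:
    return compare_manifests(build_manifest(source_dir), build_manifest(backup_dir))


def demo() -> dict[str, list[str]]:
    """Constructed scenario: one file never copied, one silently corrupted, one stale."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "source"), Path(tmp, "backup")
        for d in (src / "docs", bak / "docs"):
            d.mkdir(parents=True)
        (src / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "docs" / "notes.txt").write_text("quarterly review\n")
        (src / "docs" / "policy.txt").write_text("annual sign-off\n")
        (bak / "ledger.csv").write_text("id,amount\n1,1OO\n")         # corrupted copy (letter O)
        (bak / "docs" / "policy.txt").write_text("annual sign-off\n")  # intact copy
        (bak / "old.bak").write_text("stale\n")                        # not in source any more
        return verify_backup(src, bak)


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        print(f"{kind:8} {len(paths):3}  {', '.join(paths)}")
    print("backup usable for restore:", not report["missing"] and not report["changed"])
```

Run the comparison against each of the three copies, and run it again after a test restore to a scratch location, since a copy that hashes correctly on the backup media but cannot be restored is still a failed backup. A sync folder would pass this check trivially and prove nothing, which is why the checklist excludes sync services.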
Engage in a user-awareness campaign to demonstrate safe web browsing practices and how to identify phishing emails.
Have a written policy in the HR department that clearly defines company data operations and security practices. The policy should include an annual review and sign-off.
Look for stale data on company computers and lesser-used server storage locations. Identify anything that can be archived.
Develop a response plan in the event a breach is identified.
It is more cost-effective to begin a relationship with a cybersecurity service provider now than to find one during a crisis. The cost of business downtime is typically thousands of dollars per hour, on top of the loss of revenue and client loyalty. An annual onsite assessment is inexpensive and puts experts at your fingertips when a crisis does hit.