While no regimen is fool-proof, these 5 simple steps can mitigate a substantial amount of risk.
Review Your Security Profile Through a Thorough Risk Assessment
A formal review of your people, processes and technology from a security standpoint - at least annually - is a worthwhile investment. Led by an internal security professional or a third party, the review should look at the overall security status of physical locations, managed applications, desktops, sensitive information and your overall network. A prioritized list of remediation steps will emerge, and you'll have a clear understanding of your overall risk, so you're better prepared to make cost trade-offs appropriately.
Have an InfoSec Policy
Politely asking employees to work securely is not enough. With clear and simple policies in place, your staff will know exactly what thy need to do, to operate in a secure manner. For example, all notebook computers connected to the corporate network should have security software installed. Your info security guidelines should mandate that NO sensitive information ever be given over the phone. A formal policy along with recurring education sessions go a long way to heighten security awareness into the culture of your business.
One of the key elements of a security policy is to layout a standard protocol for passwords in the organization. Simple passwords are easy for hackers to guess. When complex passwords are implemented, a simple “dictionary attack” (a hacker using an automated tool that uses a combination of dictionary words and numbers to crack passwords) can no longer happen. Encourage your users to not write passwords down, but commit them to memory.
In the event that someone is able to access and remove data from your organization, encryption prevents data from being used. For example, if an employee’s hard disk is stolen or you lose your USB thumb drive, whoever accesses the data won’t be able to read it if it’s encrypted.
BYOD (Bring Your Own Device) Policies
In many cases, more, if not all of your staff are using mobile devices that are not owned and managed by your firm. Add in remote work - away from the protection of your network security - and the risk of operating “in the open” makes it more important than ever to ensure that your staff's mobile technology is as secure as possible.
With a strategic action plan, you can make your business more secure and protect some of your most valuable assets - your data.
Superior Technology provides a full range of technology solutions and professional services designed to help clients become more competitive than ever while achieving goals and superior results. With its highly skilled staff in technology infrastructure and custom software application development, Superior Technology provides businesses with competitive technology advantages that enable them to meet their business goals. Learn more at www.superiortechnology.com. Connect with Superior Technology on LinkedIn here.