Cybersecurity Month

photo credit: niccs.us-cert.gov

October is Cybersecurity Month, reminding us that we must constantly protect our digital information. Businesses are constantly under attack and face potentially significant financial loss when the corporate network is compromised. Here are 10 actions to enhance cyber-security and data protection:

1.  Employee Education: Every employee (and family member) needs to be educated about cyber security. From the “C Suite” to the mail room, anyone on the network can compromise security by installing and using unauthorized software applications or browser extensions; copying files from malware infected flash drives to the network, opening phishing emails, or visiting unsafe sites. All employees should understand data protection policies and procedures. Educate employees about how personal information obtained from social media and web searches can be used by hackers to target them.

2.  Data Access: Identify confidential and company proprietary information; restrict access as needed; and verify that all confidential, proprietary, and important information is stored on drives that are backed up regularly. Educate employee and audit to verify that files are not stored on local hard drives and sharing company confidential or proprietary information with unauthorized recipients is prohibited.

3.  Physical Security: Smartphone and laptops are targeted by thieves for resale and especially for the information the devices store. Configure laptops with encrypted hard drives and ensure biometric or strong password access is enabled. Educate employees to secure laptops in hotels, meeting rooms, public places, and in vehicles. Remind employees to keep their smartphones close by and not in a position where they can be easily stolen.

4.  Network Security: Vulnerabilities in networking components including routers, switches, and wireless access points can be exploited. Inventory network hardware and sign up for notifications from vendors to be informed when vulnerabilities have been identified. Download firmware updates when they are offered. Enable the highest level of encryption for wireless connections. Restrict administrative access to the network to trustworthy technical staff.

5.  Operating System Updates: The cycle of computer and smartphone operating system updates is increasing to patch the latest known vulnerabilities. Ensure that automatic updates are enabled or ensure that your technology professionals promptly review and install patches.

6.  Passwords: Password management is a pain and overuse of simple passwords is common. Thankfully, enterprise password management can make passwords available across a company, computers, and devices. Implement password management software, restrict access to password vaults to those with a need to know; require strong, and unique passwords for each site; and promptly remove access when off-boarding employees.

7.  Software Applications: Enable multi-factor authentication whenever possible. Enable automatic updates to keep software updated or restrict software installations until security assessments have been completed. Audit software periodically to ensure the latest version has been installed, and security settings have been turned on.

8.  Malware Detection: Firewalls and malware detection software is critical and definition files must be continuously updated to protect against the latest threats. Prohibit access to the network if malware software is not enabled.

9.  Secure Connectivity for Remote Connections: All connections for employees working remotely or business partners should require encryption. Maximize security for remote management of the network and disable external access ports that are not needed.

10. Business Continuity & IT Disaster Recovery: Ensure that all important digital information is backed up. Maintain three (3) copies, each on different media (e.g., hard drive, network server, and cloud). Store one copy remote from the primary site in case of physical damage to the facility. Document hardware and software inventories; maintain current images of standard computers; and document a plan for recovery.