Take a look at our Corporate Network Safety list and see if any of these best practices for cyber security have gotten lost as you consider security planning this year:
- Monitor Applications with Access to Data
Applications are great. They give your business the tools it needs to function and be productive. But they also put your sensitive data at risk. When IT security attempts to protect critical information, it usually involves putting up firewalls and building your infrastructure around the data you want to protect. Then you give applications access to this data. When hackers look to steal your data, they won’t try to hammer their way through your firewall; they’ll look for the least secure system that has access to the data they need. Keep an inventory of every application that can reach sensitive data and monitor each one as closely as the data itself.
- Create Specific Access Controls
Once your IT network is secure, you need to be very careful about who you decide to give the keys to the kingdom. Ideally, it shouldn’t be anyone. By creating specific access controls for all of your users, you can limit their access to only the systems they need for their tasks and limit your sensitive data’s exposure.
- Collect Detailed Logs
For a complete record of what goes on in your systems – both for security and troubleshooting purposes – you should collect detailed logs and report data. This is especially the case for applications that don’t have internal logging. By adding tools that can log the activities of these applications, you will be able to plug any security holes those applications may create.
- Maintain Security Patches
Because cyber-criminals are constantly inventing new techniques and looking for new vulnerabilities, an optimized security network is only optimized for so long. When Home Depot’s POS systems were hacked last summer, they were in the process of installing a security patch that would have completely protected them. To keep your network protected, make sure your software and hardware security is up to date with any new antimalware signatures or patches.
- Beware of Social Engineering
All of the technical IT security you implement can’t make up for a lack of common sense or for human error. Social engineering tactics have been used successfully for decades to gain login information and access to encrypted files. Rogers Communications recently faced a major breach when a hacker called an employee pretending to be the IT department and was able to get the employee’s log-in information. Attempts like this one may come by phone, email or any other channel your users communicate on. The best defense is to…
- Educate and Train Your Users
No matter how gifted they are, your users will always be your weakest link when it comes to information security. That doesn’t mean you can’t limit this risk by regularly educating your users on cyber security best practices. This training should cover how to recognize a phishing email, how to create strong passwords, which applications to avoid, the rules for taking information out of the company, and any other relevant user security risks.
- Outline Clear Use Policies for New Employees and Vendors
To strengthen and clarify the education you give your users, you should clearly outline the requirements and expectations your company has regarding IT security when you first hire them. Make sure employment contracts and SLAs have sections that clearly define these security requirements. If necessary, attach a copy of this Corporate Network Safety list to make employees aware of it.
- User Activity Monitoring
Trust but verify. While well-trained users can be your security front line, you still need technology as your last line of defense. User Monitoring and Web Filtering allow you to monitor users and verify that their actions meet good security practices. If a malicious outsider gains access to their log-in information – or if an insider chooses to take advantage of their system access – you will be immediately notified of the suspicious activity.
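As an added illustration that is not part of the original list, here is a small Python detector that applies the two signals this item describes to authentication logs: a stolen log-in used from a source address the account has never used before, and a run of failed logins that ends in a success. The log format, the failure threshold and the sample lines are all constructed assumptions, not the output of any particular monitoring product.

```python
from collections import defaultdict

# Constructed sample authentication log lines (assumed format, not from any real system):
# "<timestamp> <user> <result> <source_ip>"
SAMPLE_LOG = """\
2015-03-02T08:01:10 alice success 10.0.0.15
2015-03-02T08:05:42 bob success 10.0.0.22
2015-03-02T08:09:03 alice success 10.0.0.15
2015-03-02T22:14:01 bob failure 203.0.113.9
2015-03-02T22:14:05 bob failure 203.0.113.9
2015-03-02T22:14:09 bob failure 203.0.113.9
2015-03-02T22:14:13 bob failure 203.0.113.9
2015-03-02T22:14:20 bob success 203.0.113.9
2015-03-03T09:00:00 alice success 198.51.100.7
"""

FAIL_THRESHOLD = 3  # assumed: failures before a success that count as password guessing


def parse_log(text):
    """Turn each non-blank line into a (timestamp, user, result, source_ip) tuple."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, result, ip = line.split()
            events.append((ts, user, result, ip))
    return events


def detect_suspicious_logins(events):
    """Return alerts for (1) a success that follows a run of failures from the same
    source and (2) a success from a source address not previously seen for that user."""
    alerts = []
    fail_run = defaultdict(int)    # (user, ip) -> consecutive failures so far
    known_ips = defaultdict(set)   # user -> source addresses that have logged in before
    for ts, user, result, ip in events:
        if result == "failure":
            fail_run[(user, ip)] += 1
            continue
        # From here on the event is a successful login.
        if fail_run[(user, ip)] >= FAIL_THRESHOLD:
            alerts.append((ts, user, ip, "success after %d failures" % fail_run[(user, ip)]))
        if known_ips[user] and ip not in known_ips[user]:
            alerts.append((ts, user, ip, "login from new source address"))
        fail_run[(user, ip)] = 0
        known_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_logins(parse_log(SAMPLE_LOG)):
        print(alert)
```

A real deployment would feed the detector from your log collection (item 3 above) and route the alerts to whoever owns the breach response plan.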
- Create a Data Breach Response Plan
No matter how well you follow these best practices, you might still get breached. In fact, nearly half of organizations suffered a security incident in the past year. If you do, having a response plan laid out ahead of time will allow you to close any vulnerabilities and limit the damage the breach can do.
- Maintain Compliance
Hopefully these best practices are a useful guideline for keeping your business safe, but you do have another set of guidelines available to you. Regulations like HIPAA, PCI DSS and ISO offer standards for how your business should conduct its security. Rather than just a hassle you have to prepare audit logs for, compliance can help guide your business.
Once all 10 steps of the Corporate Network Safety list are done, it’s time to relax with peace of mind!