During these pandemic times more problems are presented at an increasing level of risk. Hackers are out more than ever to take advantage of the increased number of users working remotely. This is why we need to ensure our businesses are fully protected and awareness is spread among the organizations. Small items such as reminding employees to be aware of phishing attempts via email and links, logging who and what is on your network at all times, and ensuring that all hardware and software are up to date and patched. Streamlining and standardizing best practices is a great start for any business to get protected.
Now all that being said, you are probably thinking some of these approaches might be costly or require professionals but doing what you can with what you have is where you need to focus first.
Here are 10 methods to aid in getting your business protected:
- Be ready – have an action plan in case something does happen (backup your data to the cloud, 2nd offsite copy of backups, DRP scenario if available)
- Be patched – have all your systems fully patched with the latest and greatest from your software and hardware vendors
- Be secure – if not already than make sure your firewall is setup to its potential and protection software on servers and computers are up to date
- Be protected – all devices on your network should have the default logins changed and passwords reset to something other then default
- Be strong – all users should have passwords changing at a minimum 30 to 60 days and enable multi-factor authentication when and where you can, using strong passwords helps greatly to prevent being hacked
- Be trained – Awareness and training is the key here, make sure all employees are trained and aware of what to expect and how to react
- Be encrypted – Ensure that all your backups are sent offsite and are using an encryption when backing up (this makes it harder to hack the data that is on the backup)
- Be mobile ready – All mobile devices need to be secured especially if they connect to business related apps, email, and business data
- Be filtered – using web and email filtering services can strongly improve your security by filtering out the majority of common threats via email and browsing before they even hit your environment
- Be limited – if not already, limit who can access your data and limit admin access levels (most users will only require read access rather then write)