Here’s how to conduct a Security Check-Up for your company or organization. The items below are not listed in any order of importance because, well, they’re all important.
Providing training is hugely important because the greatest threat to digital security is employees. That’s not to say they’re up to no good, but they are most often how unintentional gaps are created and access points exposed.
You may get a few eye rolls when you talk about the importance of not opening emails and attached files from unknown senders, but all it takes is that one employee who doesn’t pay attention to cause big problems. Here’s how to make it real simple; if nothing else, make sure you impart this advice—have them ask themselves prior to opening a link or attachment:
Do I know this sender?
Do I need to open this file or click on the link?
If they answer ‘no’ to one or both, they’ve got to resist the temptation to investigate further, even if they’ve been promised a picture of the POTUS that they’ll never forget.
While this isn’t a security panacea, it’s a simple and inexpensive first line of defense. Also, make sure you’re running the latest version. Security is a cat and mouse game. When the mice get smarter and craftier, the cat needs to address this craftiness by improving and upgrading its software. Those updates are there for a reason. Don’t ignore them.
Whether it’s in the cloud or via a local storage device, ensure your data is backed up, and backed up on a regular basis. Yes, this is simple advice—we’ve been hearing about the importance of backups for decades—but it’s rather amazing how many companies don’t regularly back up their data. They fall into the ‘I’ll get around to it’ mentality, which often means they’ll get around to it after a cyber attack. Please don’t do this.
There are so many great and simple storage options today that there’s really no excuse for not taking advantage of at least one. Here’s a great one–Flash storage. It’s great and makes backing up data easy and super-fast (yes, that’s why it’s called flash). And it doesn’t require power to maintain the data it stores. And it’s super durable; there are no spinning disks inside that get screwy if bumped or dropped. High-speed, durable, reliable, and affordable. Sounds good, right?
Like software upgrades, customers receive security patches from third-party applications (Adobe, Java, et al.) for a reason. They don’t just send them out willy-nilly for kicks. They patch security gaps. You wouldn’t remove the locks on your house. If you don’t take heed of security patches sent out, that’s essentially what you’re doing. Ignore them at your own peril.
Only provide application administrative rights to a few key users. Everybody wants them, but don’t grant them simply because you want to get those who request them off your back. And if you discover that you’ve already granted admin rights to too many employees, consider whether they really need them. Sure, if you take them away, you’ll be limiting user functionality (and maybe making a short-term enemy), but remember, it’s all in the name of security. You might get some complaints, but you’ll get over them faster than the time (and expense) it takes to get over a cyber breach.