Photo by Hillary Ehlen
Routine backups are the single most important thing you can do to protect your company and its data. Backups come in many different shapes and sizes, but even a basic copying of files to an external hard drive can be incredibly helpful in the face of a disaster or computer virus outbreak. For organizations of any size, the cost-effectiveness and level of protection granted from cloud backups are worth the investment.
After backups, the effectiveness of measures to protect your organization varies with your individual needs. This is often where security professionals can help you determine what’s important and needed for your organization. Here are a few things to get you thinking.
When it comes to company credit cards, only give them to those in your company with authorization to make purchases, and limit their spending amounts. This is the exact model you should have for your company data across the board. Individuals should only have access to information that they need to perform their job roles.
By limiting what information individuals can access, if they or their account are breached, intruders can’t obtain the keys to the kingdom.
Successful and routine backups are great, but they don’t mean jack if you can’t restore from them. Make it a serious habit to attempt to restore data from your backups and confirm its quality.
Enable and, more importantly, enforce device encryption. Without it, if someone steals your device, they can just pull out the hard drive and read your files like they plugged in a USB thumb drive. Back up your encryption keys!
You should have at least one firewall. It should be configured correctly and checked routinely for firmware updates and modifications to access rules. And that’s the bare minimum. A firewall draws a “perimeter” around your primary network and makes it far less susceptible to network-based intrusions. Network security gets far more complex than a single firewall, but you have to start somewhere.
Email spam filtering is incredibly helpful in protecting individuals from accidental fatal clicks. Spam-marked email should only be opened from trusted senders, and your email administrator can white-list them for future communications. This helps cut down on the number of phishing emails as well.
Phishing is the use of social engineering to instill trust and gain access to your environment. These are your modern-day con artists, and they can go to extreme lengths to fool you into believing their legitimacy. The best pose as legitimate business opportunities and eventually profit at your expense.
Training is particularly effective for businesses with a strong online presence. Cybercrime changes just as fast as technology does. Keeping your staff aware of the latest scams and phishing techniques protects your front line from unneeded exposure.
If you’re using any cloud services, you should be managing all the devices that access that data. This includes computers, cell phones, tablets, and anything else with an internet connection.
The management of devices helps improve device security and antivirus patching. It also enforces the use of passwords and can disable certain functionality of devices such as a camera or a web browser, if needed. In a worst-case or lost-device scenario, you can remotely wipe the devices, so you don’t have to worry about your data on a missing device.
Most cell phones today contain some sort of biometric reader such as fingerprint or facial recognition. This can be utilized for tight security measures to authenticate users to company data.