5 Absolutely Essential Cyber Security Policies Your Company Needs To Implement

2017 seems to have been the year of the cyber attack.

We’ve written in the past about attacks on Equifax, Deloitte, DLA Piper, and all manner of ransomware attacks. But these are only some of the many major issues we’ve faced in 2017.

A report from Cybersecurity Ventures predicts that by 2021, cyber attacks will cost the world $6 trillion in overall damages. To compare, in 2015 the number was half that.

On top of this, data analysts at Microsoft predict that by 2020 there will be 50 times as much data moving across the internet as today. This is due to many different factors, including the increased prevalence of Internet of Things technology. When your alarm clock, coffee maker, refrigerator, air conditioner, vacuum cleaner, and car all send data across the internet, it’s hard to argue this point.

As your company becomes more and more reliant on the possibilities of the internet to share information, how can you protect yourself from the very real cyber security threats out there?

Here are 5 absolutely essential IT security policies your company needs to implement.

1. Have A Password System

As we’ve mentioned before, the most commonly used passwords online are all incredibly simple. “12345”, “qwerty”, and “password” routinely make the top 10 list.

Add to this the fact that most usernames are fairly easy to guess if you know a bit about the user, and brute force attacks become much more dangerous.

Imagine going to your biggest client and telling them you lost their private data and have potentially caused tremendous losses, and all because you had a weak password. Not only is this embarrassing, it could also cause you to lose that client’s confidence. After all, who would trust a company that doesn’t take security seriously?

Specifying a minimum password length, and requiring the use of special characters can improve the security of your systems and thwart a number of attacks. You can also use a password generator to provide your users with a secure password.

“But it’s too long and too hard to remember,” you may already hear your employees complain to you. That’s okay. Password management software, like 1Password, KeePass, or Keeper Security, can help.
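The length, special-character and generator rules from this section can be enforced in code. The following is an added example, not part of the original article: the minimum length of 12, the set of special characters, the extra denylist entries and the username check are assumptions chosen for illustration.

```python
import secrets
import string

# Constructed denylist: the three passwords named in this article plus two
# assumed extras. A real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"12345", "qwerty", "password", "123456", "letmein"}
MIN_LENGTH = 12                   # assumed value; the article gives no number
SPECIALS = "!@#$%^&*()-_=+[]{}"   # assumed set of accepted special characters


def check_password(password, username=""):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    # Catch denylisted words that were only padded with digits or symbols,
    # e.g. "Password123!" still reduces to "password".
    core = lowered.strip(string.digits + string.punctuation)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("common password")
    # Assumed extra rule: usernames are easy to guess, so keep them out.
    if username and username.lower() in lowered:
        problems.append("contains username")
    return problems


def generate_password(length=16):
    """Generate a random password that passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the policy minimum")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        # secrets draws from the operating system's CSPRNG, unlike random
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("qwerty", "Password123!", "correct-horse-battery"):
        print(pw, "->", check_password(pw) or "ok")
    print("generated:", generate_password())
```

Note that "Password123!" satisfies both the length and special-character rules and is rejected only by the denylist, which is why complexity rules alone are not enough.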

You should also consider using multifactor authentication strategies. This is where the authentication credentials are a combination of something you know, like a username and password, with something you have or something you are, like a one-time password or fingerprint.

2. Have Specific BYOD Rules

These days, BYOD (Bring Your Own Device) is becoming more and more popular. And it makes sense – why would you provide a device for your employees when they already have their own in the first place?

But here’s the problem: imagine one of your employees brings their own laptop to work. But imagine the night before, they were using that very same laptop to stream the latest episode of Game of Thrones from a disreputable pirate website, or downloaded it via torrent.

They show up for work the next day, log in to your systems dutifully, and get ready to start the day. Little does this person know, that TV show came with a sneaky little keystroke logger embedded into their device. When they log in, the username and password information is sent to a malicious third party, and they now have access to your systems.

This is just one plausible scenario – there are hundreds more.

By restricting the activity permitted in a dedicated BYOD environment, you can protect your organization from many of the security risks online. If you’d like to take it a step further, you can install software that restricts their device only to approved activities, though these in themselves are not always bulletproof.

3. Provide Basic Security Training

Cyber security doesn’t just stop at the digital world. The truth is that most data breaches are caused by preventable human error.

Take, for example, the following situation. It’s the day of the big meeting, and you’re getting ready to sign the biggest client in your life. This new client will mean an impressive amount of new business for your company, and everyone is on their best behaviour. Optimism is high, but so is tension.

Five minutes before the meeting starts, someone calls your secretary. They need a report; without that report, the negotiations will fail, the meeting will crumble, and the boss will be very displeased. The secretary, flustered, sends the report over to the email address the voice on the phone provided.

Except the voice on the phone has nothing to do with your company.

Here’s another one. You’ve arranged a meeting with a prospective client. The client arrives early, and asks the secretary if they can use the washroom. They use this opportunity to sneak into a nearby office where someone else has also stepped out for a moment without locking their door or computer screen. The person you thought was a prospective client plugs a USB drive into the computer and copies as much information as they can before returning to the waiting area.

These are two examples of social engineering hacks that aren’t directly IT related, but can nonetheless cause a major issue in your IT security. Having your staff prepared for such instances can go a long way toward halting these attacks.

4. Have An Emergency Response Plan

Chances are, if your employees are all centrally located, you have some sort of disaster management plan.

If you’re based out of Florida, for example, you’ll have a plan in case of hurricanes. And if you’re in California, you’ll be prepared for earthquakes.

But do you have a plan for responding to a cyber security attack?

What will you do if your data is stolen? Whose responsibility will it be to respond to such a situation, and what will their roles be? How will you examine the situation, discover the breach, and attempt to recover the lost data?

An IT security breach can be a terrifying experience, and in the case of a ransomware attack it can actually bankrupt a smaller firm. Having a plan in place before disaster strikes, though, can help you mitigate the stress and chaos of the situation and deal with it in a calm, rational manner.

5. Hire An IT Security Company

Businesses large and small should have an IT security company on their team to ensure their data remains secure.

If you’re housing sensitive data, you can’t afford not to engage an IT security company. Contact 1st Secure IT today to find out how you can improve the security of your systems, reduce the risk of security breaches, and gain the peace of mind that can only come from knowing your business is in the hands of a best-in-class cyber security team.

Contact 1st Secure IT to keep your business safe today.

1st Secure IT

4613 N. University Drive #323
Coral Springs Florida
(866) 735-3369

Monday, 19 August 2019