Larger organizations seem to make all the headlines when they have a security breach, but even smaller organizations are targets for hackers as well. 2014 became the year in which small to medium-sized organizations were actually the biggest target of cyber attacks.
Listed below is a cyber security checklist to help prevent your organization from succumbing to an attack and becoming another cyber crime statistic.
1. Identify Vulnerabilities
The first step is determining where vulnerabilities exist within your system. To identify potential risks, inventory all your physical assets and list each one that has an access point to your data. Identify every user that can access your systems, regardless of how much or how little they actually have access to. Your IT personnel should regularly scan for intrusions and establish that encryption practices are current and enforced. If they have not already done so, your IT staff should develop a response plan to map out what to do if/when a breach should occur.
2. Safeguard Proprietary and Customer Data
Hardware can always be replaced, but data is essentially the lifeblood of any organization. Whenever a company shares their data with a third-party by way of an external portal, it increases their risk for a data breach. Companies need to evaluate those they share information with and establish a policy which states they only share data when necessary. The external portals should also be isolated from the rest of the company’s processes.
3. Tighten Mobile Security
Identify users of corporate mobile devices and train them in the proper use of passwords and encryption processes. Mobile devices are increasingly becoming the premiere choice of hackers, so companies must ensure users only have access to “need to know” corporate data through their mobile device. IT staff need to retain remote access of these devices in order to wipe them clean in case of a security breach.
4. Review Security Measures on a Regular Basis
Companies should regularly update their response plan with identification of any indispensable system elements as they are added over the course of time. IT staff should apply updates and patches on a regular basis and implement a schedule for changing passwords. Malware checks should also be performed regularly, along with system backups.
5. Data Recovery
If the previous steps were faithfully completed, the last step should hopefully execute fairly smoothly if a cyber attack should ever occur. IT staff should regularly check for the availability and accuracy of data backups, along with ensuring redundancy systems are current. If an attack should occur, it is best to re-evaluate the entire recovery process. Hackers often make a second attempt over the same path if they were successful the first time.
Questions about cyber security readiness? Contact us.