Cyber-criminals have advanced tools and techniques at their disposal as they attempt to steal and sell valuable information. Let's explore the best practices for keeping your business data secure and the tools available to protect and streamline your business data networks and security protocols.
1. Create A Documented IT Security Plan
Our IT assets and information management form the backbone of modern business. Every member of your organization may need some level of access to the information you seek to keep secure. Having a formal written plan will give your organization a strategy for today's threats and the flexibility to address new ones as they arise.
Your data security plan should contain the following elements and, possibly, others specific to your industry regulations:
- A Mission Statement that outlines the importance of network security to your business.
- Clear identification of the governance team or oversight committee that will enforce it.
- An outline of specific objectives or initiatives and a process to create new ones as needed.
- Specific steps outlining incident reporting and response procedures for security breaches.
- A comprehensive plan that includes personal devices and secure data erasure criteria.
- Personal devices and equipment used by remote workers or high-level leaders incorporated into the plan.
- A policy incorporating background checks for new employees or those who are being granted access to secure data systems.
2. Educate Employees About Network Security
Make sure all employees and managers are aware of data security protocols and the consequences of a data breach throughout your organization. Plan a presentation for each department and address questions specific to their job function. Adding reminders and announcements to your applications and programs will help keep network security on the minds of your team members.
Your communications with employees should address these areas:
- New employee onboarding should include training on network and data security requirements.
- Twice yearly “all hands” meetings can improve awareness of current security threats and new policies as they are implemented, as well as encourage a full understanding of the critical need to protect sensitive data.
- Clear understanding of the consequences of failing to comply with network security requirements will motivate employees to follow guidelines each and every time.
- An easy-to-use system to report possible data breaches and recognition of employees who use it to voice concerns keeps morale high as new security protocols are implemented.
3. Maintain Protection Against Malware, Ransomware, And Viruses
Malware, ransomware, and viruses are malicious software programs that sometimes cause immediate dramatic issues and other times are designed to go undetected in your network as long as possible. As hackers create new code to evade established security tools, the tools used to combat these threats must be of constantly updated.
Include these malware protection guidelines in your security plan as well:
- Use firewalls, with clearly defined and approved exceptions, to scan and verify all other sites and network traffic.
- Limit email attachment sizes and scan all email traffic for viruses or malware, and keep employees aware of the risks of opening emails on business systems that are not business-related.
- Restrict access to high-risk sites where malicious software routinely waits to infiltrate your system, including social media sites, free image download sites, and instant messaging apps.
- Direct employees to report any unusual behavior on the system, especially prompts to install software or ones that claim the system has been infected. Assure employees that it is the IT department's responsibility to install updates or remove viruses and, unless they are specifically told to do so, they should not change security or update settings on their computers.
4. Keep Operating Systems And Business Software Up To Date
Keeping your servers and network assets on the most up-to-date version of the operating system will provide the best protection against security threats as they are identified worldwide. While it may be tempting to put off software updates because the system is stable and running smoothly now, using old versions of software leaves vulnerabilities for hackers and data thieves.
Managing all equipment from the server side as much as possible will allow your business to plan and put updates in place with limited disruption to business and keep everyone “on the same page” with little effort from employees whose area of expertise is not data security. This also allows for an automated data erasure procedure and a centralized log of all update activity.
Route all new computers and network devices for consistent and secure setup, including updates of all relevant software. Use automatic backups to create restore points for all systems should malware make its way in. Managing your network as one cohesive and secure system will help eliminate backdoors and security loopholes.
5. Pay Particular Attention To Your Wireless Network
A wireless network is a necessity of modern business, and an area often overlooked when it comes to security. Data thieves often focus on the wireless system as a way to get into the network. These tips can help lock down the information and prevent unauthorized access:
- Keep the wireless routers and their cables out of reach and inaccessible to physical contact to prevent resets or tampering.
- Do not use the default logins or standard IP schemes, and disable remote access to router settings.
- Enable encryption and keep the passwords and settings on a need-to-know basis.
- Make sure that the network name does not provide any clues as to what is behind the firewall.
- Just like computers, routers need updates, particularly to the firmware, so checking for security patches and staying up to date is vital for routers.
- Utilize the router firewall as the first line of defense.
- If guest wireless access is desired, establish a limited and logged protocol that allows this while preventing access at the employee level.
6. Implement A Strict Password Policy
The easiest way to get into a secure network is to gain access to a password. While implementing a strict and complex password policy is the simplest way to prevent these breaches, it may cause some push back from users and a temptation to write things down in order to keep track of the latest password.
Some considerations for your password policy are:
- Utilizing passwords that are eight characters or more and including numbers and nonstandard characters.
- Preventing the use of names, the company name, birth dates or dates of special occasions, and commonly used words.
- Requiring passwords to be changed at regular intervals.
- Using a secure password management service to help users store or access their passwords safely.
- Creating levels of access so that more secure databases require additional passwords to access.
- Controlling access to those who have a business need for it, and immediately removing access from those who change positions or leave the company.
- Reviewing access logs and reports regularly to identify issues with passwords or network access.
7. Timely Destruction Of Data And Equipment At End Of Life
Why is data security important to your business? Because information is powerful and valuable in today's world. Security protocols should outline when and how customer data is destroyed when its business use is complete.
By destroying sensitive data as soon as their need has been fulfilled, there is less information available to be stolen or misused, and your organization will not be responsible for losses customers sustain if their information is stolen long after it should have been destroyed.
Timely data destruction and disk wiping of old equipment before disposal are essential parts of your data security strategy.
New threats to your network security are always emerging. Partnering with companies that specialize in secure data management and destruction can take some of the load off your IT department and help fulfill your organization's responsibility for proper data management.
If you have questions about how WipeDrive can help your business keep data secure, give us a call at 801.224.8900 or request a free trial from WhiteCanyon Software. We have helped the most secure government and private sector agencies manage their data security.