How to give your company a Security Check-Up
It’s common for companies to believe they’re somehow flying under the radar when it comes to cyber security. In the news you hear about large, top 10 cities getting hit by ransomware, Twitter’s recent hack, or information about customers of large retail chains having their credit card information stolen, then sold, on the dark web. It leads companies to believe that cyber attackers are only focusing on the biggies, those corporations and large municipalities that will get them more bang for their buck and, as a result, appear on the nightly news. Sure, they want the big guys, but they’re after your company, too. Here’s a tip—give your company a Security Check-Up.
Regardless of whether your company employs 5 people or thousands, you’re not flying under the radar. Sorry. That’s why it’s a good—nay, great—idea to conduct a Security Check-Up. Don’t freak out; it’s not hard, but it’s critically important. The goal is to uncover, then cover, any gaps or easy access points in your attack surface.
Here’s how to conduct a Security Check-Up for your company or organization. The steps aren’t listed in any order of importance because, well, they’re all important.
Implement security training for your employees
To provide security training, you don’t have to rent the Boilermaker Ballroom at the Ramada Inn for the day. It doesn’t have to take a full, even half, day. But providing training is hugely important because the greatest threat to digital security is employees. That’s not to say they’re up to no good, but they are most often how unintentional gaps are created and access points exposed.
You may get a few eye rolls when you talk about the importance of not opening emails and attached files from unknown senders, but all it takes is that one employee who doesn’t pay attention. Here’s how to make it real simple; if nothing else, make sure you impart this advice—have them ask themselves prior to opening a link or attachment:
- Do I know this sender?
- Do I need to open this file or click on the link?
If they answer ‘no’ to one or both, they’ve got to resist the temptation to investigate further, even if they’ve been promised a picture of the POTUS that they’ll never forget.
Have you installed Antivirus? Is it up-to-date?
While this isn’t a security panacea, it’s a simple and inexpensive first line of defense. Also, make sure you’re running the latest version. Security is a cat and mouse game. When the mice get smarter and craftier, the cat needs to address this craftiness by improving and upgrading its software. Those updates are there for a reason. Don’t ignore them.
Are you maintaining Back-Ups?
Whether it’s in the cloud or via a local storage device, ensure your data is backed up, and backed up on a regular basis. Yes, this is simple advice—we’ve been hearing about the importance of backups for decades—but it’s rather amazing how many companies don’t regularly back up their data. They fall into the I’ll get around to it mentality, which often means they’ll get around to it after a cyber attack. Please don’t do this.
There are so many great and simple storage options today that there’s really no excuse for not taking advantage of at least one. Here’s a great one–Flash storage. It’s great and makes backing up data easy and super-fast (yes, that’s why it’s called flash). And it doesn’t require power to maintain the data it stores. And it’s super durable; there are no spinning disks inside that get screwy if bumped or dropped. High-speed, durable, reliable, and affordable. Sounds good, right?
Don’t ignore Security Patches. You don’t have to be an IT professional to add them.
Like software upgrades, customers receive security patches from 3rd party applications (Adobe, Flash, Java, et al.) for a reason. They don’t just send them out willy-nilly for kicks. They patch security gaps. You wouldn’t remove the locks on your house. If you don’t take heed of security patches sent out, that’s essentially what you’re doing. Ignore them at your own peril.
Who has Administrative Rights? Do they really need them?
Only provide application administrative rights to a few, key users. Everybody wants them, but don’t grant them simply because you want to get those who request them off your back. And if you discover that you’ve already granted admin rights to too many employees, consider whether they really need them. Sure, if you take them away, you’ll be limiting user functionality (and maybe making a short-term enemy), but, remember, it’s all in the name of security. You might get some complaints, but you’ll get over them faster than the time (and expense) it takes to get over a cyber breach.