10. Everything is connected.
As the Internet of Things adds more and more devices to our networks, it creates more doors and windows for cyber criminals. Keep them locked.
9. Ransomware is on the rise.
If you don’t want to end up paying to access your own data, then make sure that you protect it properly and back it up regularly.
8. Take care in the cloud.
You need to have a clear picture of cloud services in use and put your cloud providers to the test to ensure that they meet your security standards.
7. Be wary of software.
Open source and off-the-shelf software often contains known vulnerabilities that make it easy for attackers to get your data. Do your homework and choose wisely.
6. Always encrypt.
Encryption should be mandatory for all of your data in transit and, ideally, at rest as well. Make it more trouble than it’s worth for attackers.
5. Control access.
If someone doesn’t need access to a file for their work, then they shouldn’t have it. A proper system of permissions backed by authentication can protect your business.
4. Log everything.
A complete audit trail that establishes who accessed what and when can help you identify suspicious activity in real time and trace the root of any problem that arises.
3. Educate and enforce.
Create a security policy that educates employees about suspicious emails, smart password use, phishing and social engineering. Install automated protections, because tricking people is still the easiest way in for criminals. Ensure that systems and employees properly implement security procedures.
2. Test your defenses.
You can spend as much as you like on a security system, but you won’t know how well it works until you put it to the test. Third-party experts will help you find gaps and tighten things up.
1. Stay up to date.
Most data breaches occur after known vulnerabilities are exploited. A stringent policy of patching and updating makes things much tougher for cyber criminals.
This article was originally posted in the Worcester Business Journal.