When It Comes to IT Security, It’s Never a Wrap
Loyal readers of IT Radix Resource know that over recent newsletters we have run a series of articles about Information Technology security. Each edition focused on a particular role within an organization—from the front desk to the C-Suite. As we come to this final installment, we would like to say, “that’s a wrap!” on security. But we cannot. There is no finish line when it comes to data security... it is NEVER a wrap. IT security is a constantly evolving entity and, honestly, is not convenient. That is just something to accept, because to think or act otherwise is just plain risky.
With this in mind, here are ideas to keep security top of mind across the entire organization. This is especially important as we remember that over 90% of security breaches are due to one thing: human error.
Awareness: Security is not the responsibility of just one individual or department. Each person creates, modifies, transports, and stores valuable information. All must be aware of their duty to safeguard that data and how to do so. Educating and training staff regularly on their roles in data security—with an emphasis on how they, the front line of security, can identify potential risks in emails and websites—is invaluable. Keeping security top of mind especially as it relates to how they interact with vendors, contractors, and partners is vital.
Password Policies: No one likes challenging passwords; it is in our nature to choose the easy way. DON’T! Put in place and enforce strict password policies that require long, complicated passwords that must be changed regularly. And ensure that email passwords are never used for any other resource. Email passwords are the entryway for most attacks. Use of a secure password manager is strongly recommended. Ensure that this policy applies to all. No C-Suite personnel are exempt!
Data Classification: Each departmental area must control its key data needs. Each should have an inventory of files and databases, with actions clearly in place that seal off data from all except those who need it.
Asset Management: Identify all devices that touch your network in any way and secure them regularly. One unpatched laptop or even an errant Xbox in the employee lounge could provide all the access a hacker needs to eliminate your business. All staff should have a keen eye for any hardware that seems out of place.
Security Policies: This goes well beyond passwords and includes setting standards for use of devices and access to company data for employees and anyone who touches your network. Create, set, and enforce strict policies here. This cannot be overemphasized.
Access Limits (Staff): The concept here is to start from the assumption that no one needs access to any data, rather than asking who does not need access. Taking that approach is more stringent and effective. Additionally, when connecting remotely, require secure access via VPN with at least Two-Factor Authentication.
Access Limits (Software): Beyond limiting human access, the next step is limiting software access. The idea is a No Trust Policy when it comes to applications that can/should run on company machines. Consider whitelisting solutions so that only pre-approved software is allowed to run on your network machines.
Hardware and Software: Be sure your network is protected by an enterprise-grade hardware firewall that can be configured to screen all packets of data attempting to enter your network. The firewall can also limit access to certain types of websites that are more prone to problems. Be proactive in updating all hardware and software by patching regularly, using endpoint security antivirus solutions, and being aware of end-of-life dates. Secure devices by always encrypting them and consider software that facilitates a remote lock if the machine is misplaced or stolen.
Be Aware and Act Fast! Think before reacting to any suspicious emails or phone calls, especially any that create a dire sense of urgency. When suspicion arises—whether it be an email, a website, a phone call or an infected machine—quickly pull the plug and shut it down!
As always, the IT Radix team is here to assist in adding layers of security to protect you and your business. Need help securing your data? Contact IT Radix today…we’re dedicated to being your trusted IT security advisor!
First published in our May 2022 IT Radix Resource newsletter