Cyber threats are the stuff of nightmares for COOs and managing partners of small- and medium-sized businesses. Eighty-one per cent of security breaches happen to organizations of your size, and 97 per cent of them could be prevented. That’s a lot of risk and a lot of responsibility on the shoulders of someone who may not have a lot of training. This checklist will help you make sure you’ve stopped the leaks and donned the armour to keep those cyber threats at bay. It can also help you determine when it’s a good time to call in reinforcements.
Conduct a security risk assessment
Establish a baseline and identify existing vulnerabilities so you can close them. Be sure to make note of the date the assessment is completed. We've written another article that outlines what to include in your security assessment.
Secure your email
Most attacks originate from email, so it’s important to secure this channel. Choose a service designed to reduce spam and decrease the potential for attacks on your staff via email.
Apply security policies to your network
Examples include denying or limiting USB file storage access, enabling enhanced password policies, setting user screen timeouts, and limiting user access.
Train your staff
Teach your employees about data security, email attacks and your policies and procedures, and offer regular refreshers. A good IT service provider will offer both web-based training and security policy templates for you to use.
Monitor accounts and passwords
To be proactive in preventing a data breach, you need to know in real time which accounts and passwords have been posted on the dark web. Your IT provider should have ongoing monitoring in place so action can be taken as soon as credentials have been compromised.
Implement advanced endpoint detection and response
Anti-virus software isn’t enough to protect your data from today’s malware, viruses and cyber attacks, including fileless and script-based threats and ransomware attacks. Instead, you need advanced endpoint security.
Use multi-factor authentication
This adds an extra layer of protection to ensure that, in the event your password is stolen, your data is protected. Use multi-factor authentication whenever you can, including on your network, banking websites and even social media.
Update your systems
Protect your computers from the latest known attacks and close system vulnerabilities by updating your software and systems on a regular basis and whenever a patch or critical update is issued. A good IT service provider will automate this process for you.
Encrypt your files
The goal, whenever possible, is to encrypt files “at rest” and “in motion” (think email), especially on mobile devices.
Use web gateway security
Internet security is a race against time. Cloud-based security programs detect web and email threats as they emerge on the internet and block them on your network within seconds, before they reach your people.
Implement backup and recovery protocols
Back up locally and in the cloud, and test your backups often. Determine how long your business can function while waiting for all your information to be restored. Is it hours? Days? Weeks? Define what is acceptable and implement recovery protocols to meet these requirements.
Put up a firewall
Turn on intrusion detection and intrusion prevention features and send the log files to a managed SIEM. (If your IT team doesn’t know what these things are or how to turn them on, it’s time to talk to us!)
Use your SIEM logs
Security information and event management (SIEM) is a Big Data methodology that analyzes the information collected from all events and security logs on all covered devices to protect against advanced threats and meet compliance requirements.
Conduct vulnerability testing
There are many ways a criminal can breach your defenses, and not all of them are high tech! Test your systems and your staff regularly using “white hat” hackers to ensure there are no holes in your security.
Secure mobile devices
Cyber criminals attempt to steal data or access your network by way of your employees’ phones and tablets. They’re counting on you to leave these devices open to attack. Mobile device security closes this gap.
Get cyber insurance
If all else fails, protect your income and business with cyber damage and recovery insurance policies.