Businesses face numerous security threats. Will yours be able to defend itself against the latest attack? Here are a few practical tips to take a proactive approach to potential security threats:
Control internal access. Adopt a policy that lays out clear boundaries for what employees can and cannot access. Privileges should be based on well-defined roles. Of course, you’ll want to ensure passwords are not shared, are changed frequently, and you have measures in place to restrict or modify access. Create a policy that defines such actions and updates it regularly. Don’t stop with current employees. Think about potential risks outgoing workers might pose. For this reason, implement confidentiality and non-disclosure agreements so they can’t walk away with company property or data and use it for unacceptable purposes. Many businesses — large and small — afford too much access to critical information.
Implement a policy covering mobile devices. A recent study shows that nearly three-quarters of small businesses have no policy regarding downloading apps to company-owned phones and other mobile devices. Yet downloading apps is a common way to get malware. Communicate the risk to your employees and set a specific policy in regards to downloading apps along with the overall use of company-owned electronics equipment. More stringent policies should be in place for the management of any devices that contain private company or customer data.
Foster an environment of security. Make educational resources on security available to staff. Sessions or workshops might provide an overview of logistics and basics of security, but also can address such topics as the psychology and known techniques of social engineering hacks.
Have a contingency plan in place. In the event of a security breach, any organization should have a “Plan B” ready to implement. A contingency plan can be executed in the event an attack penetrates the system and damages data or any other assets. This plan can prevent a business from having to temporarily shut down operations while resolving the problem. The plan’s ultimate goal is to maintain the availability, integrity, and confidentiality of data. According to Microsoft, the contingency plan should:
- Address who must do what, when, and where to keep the organization functional.
- Be rehearsed periodically to keep staff up-to-date with current contingency steps.
- Cover restoring from backups.
- Discuss updating virus software.
- Cover moving production to another location or site.
