Top 10 Tips For Improving Your Company's IT Security
In insight / By Lydia Cooper / 19 November 2018
Improving IT security is a priority for most businesses nowadays. It is expected that businesses will spend at least $1 trillion on cyber security between 2017 and 2021. With cyber attacks more common than ever before, companies are extremely worried about becoming the next victim. According to the Ponemon Institute, 7 out of 10 organisations feel their security risk increased during 2017. This is no surprise considering that the FBI said that as recently as 2016, there were over 4,000 ransomware attacks a day - this was a 300% increase on 2015. With such a spate of attacks globally, those businesses that aren’t appropriately secured will come under threat from an attack.
According to a Symantec Threat Report, 82% of lost or stolen data could have been prevented if the business had followed an internet security plan. Secure practices don’t have to be complex, and you can follow simple tips for improving your company’s IT security.
1. Know the basics and your vulnerabilities
As a business, you should know whether your data is held on-site or via a cloud platform. A business should also know whether its in-house IT department or outsourced provider is in control of its system. Once you know who is protecting what and whom, basic protection must be put in place to protect all of the business. Essentially, firewall, anti-virus, and anti-malware software must be installed.
With this baseline in place, you can see where your vulnerabilities lie. From there, find systems on the market that will eliminate those vulnerabilities. The cost will be a factor when it comes to deciding the right package for you, especially for small businesses. However, once you know where you need to improve, you can make the necessary changes when it is viable.
2. Have a cybersecurity policy
A cybersecurity policy is a set of guidelines put in place so all staff understand what is expected of them in the event of an attack. All staff must be aware of this policy and must study it closely. Cybersecurity awareness can be an effective tool as staff will know exactly what to look for. However, a policy is only effective if someone is in place to enforce and monitor its implementation. A senior manager who oversees company security as a whole should be given this responsibility.
3. Set access levels for staff
With firewalls preventing external access to documents, it is important that you turn your attention to potential threats from within. Only certain staff members should be authorised to view sensitive information. Dedicated folders or servers prevent disgruntled or coerced employees from accessing information that they shouldn’t.
Secure cloud software such as Nasstar’s regulatory compliant ‘Dropbox style’ hosted solution allows administrators to create secure folders and restrict access to particular files. It can also prohibit the sharing of sensitive files with a third party. Because the files are protected by a secure data centre, they never leave it.
4. Have a BYOD policy
With 13.7 percent of the UK workforce working from home, more devices are being used to complete tasks. Employees also like to bring their own personal devices in to complete work in the office. With business data being shared across these devices, strict guidelines need to be put in place in terms of usage. Two-factor authentication is a must as it provides an extra layer of security when someone logs in from a new device. This way, if it is somebody hacking in, they are unlikely to have access to the second factor required to log in.
Software such as Nasstar’s Mobile Device Management ensures all devices have administrative control and that group policies are enforced to keep data secure. Admins can also remove data, execute password resets and device locks remotely if data could be compromised. Microsoft’s Enterprise Mobility Suite can provide employees access to vital files while keeping corporate information secure from dormant cybersecurity threats, no matter the device used.
5. Encrypt sensitive data
When working with any type of sensitive data (client data or data shared by a third party), you must ensure it is safeguarded. One solution is to implement full disk encryption (on Windows PCs) so that your data won’t fall into the wrong hands during an attack.
The website linked to the business needs to be served over secure HTTPS to prevent data from being accessed in transit between browser and server.
Your business could also implement an email encryption platform that enables a business to securely send, receive and track emails with coworkers, customers, and other businesses. This will ensure that no data is sent that shouldn’t be, and it also monitors those who attempt to do so. It protects mobile devices accessing emails as well.
6. Protect your partners
Your partners are important to your business, but hackers can use them as a way to infiltrate a larger business. This is why it is vital for your suppliers/clients that you secure your own perimeter. This could involve ensuring appropriate authorisation and authentication is put in place. Firewall and anti-virus software can also be set up on every device to support this. A secure gateway can provide your business with an extra layer of anti-malware security that protects your users from web-based attacks.
Deals between partners can be agreed, but the contract needs to be signed digitally. This sensitive information between two businesses needs to be protected. Software such as Nasstar’s digital signing platform protects signed documents sent between home, office and mobile devices - it’s also legally binding.
7. Have a recovery plan
Every business needs to be prepared for a potential loss of data. Even the most secure of systems can be infiltrated, so you must always have a plan in place to deal with the situation. Anti-virus software and firewalls can alert you to unusual activity, letting you put the recovery plan into action.
Even if you have a secure cloud platform that can also recover potentially lost files, you should keep a copy of vital documents elsewhere on a physical hard drive. This way you can access this and use the file to replace what was lost elsewhere.
8. Password policy
Password hijacking is a common cyber attack. Hackers will gain access to secure files due to an employee being allowed to have a weak password for a significant amount of time. Having a simple password and not changing it regularly increases the level of risk to a business. A password protection policy that forces frequent password changes can minimise this risk. You could even implement a random password generator that can make strong passwords that are unique and impregnable.
9. Keep your computer up to date
This is one of the most basic tips a business can follow to improve a company’s IT security. As operating systems release regular security patches, it is vital that all computers are updated at the same time. A computer usually does this automatically but this has to be monitored. The IT department must make sure that no computers are out of date as it will leave them vulnerable.
10. Vet new employees and providers
Preventing cyber attacks can start at the recruitment stage. Official background checks must be made on prospective employees to check on criminal convictions. You should also check contracts between technology vendors and service providers to ensure they are complying with relevant regulations. If you use third parties that have access to any customer data you provide them with, check their security, data protection procedures (including GDPR) and personnel.
Secure IT Services with Nasstar
Nasstar follows these tips for improving IT security on a daily basis when providing IT services to industries including legal, recruitment, finance, media and property. Whether your business is looking for a secure hosted desktop or managed networks, we will ensure your business is secure from cyber attacks. Contact us to see how we can help you.