News —

Cybersecurity Checklist

by / Friday, 03 November 2017 / Published in News

It’s no secret that small-and-medium sized businesses, or SMBs, have become the primary target for cyberattacks. In a recent report from Ponemon Institute, we learned that 50% of small businesses experienced data breaches in 2016.

As hackers are continuously evolving their methods to breach systems, it can be difficult for any business to stay on top of their data security. Developing a list of best practices to keep systems secure is the best place to start. The following checklist is designed to help businesses build the foundation behind their data protection methods that can combat cyber threats as they evolve.

  • Assessing Risk: Conducting regular cybersecurity assessments is the best way to keep security measures up-to-date. Begin by researching the current landscape of cyber threats, like ransomware. Understanding how much downtime and money a breach could cost is essential in building a cybersecurity strategy. From there, a business can begin constructing a plan to keep systems secure.
  • Employee Training: Keeping employees current on the most common cyber threats is crucial. Schedule annual training for current employees and add it to onboarding the new employees. This will keep staff on the same page about current and best practices to prevent breaches.
  • Network and Device Protection: There are a few easy steps you can take internally to keep your network safe. To begin, set up password polices requiring strong passwords that expire after 90 days. Firewall, VPN, and antivirus will also protect your network’s endpoints. Multifactor authentication is also common practice to ensure people outside your network can’t easily gain access to accounts. Lastly, regularly monitoring a network and encrypting hard drives is a must.
  • Software Updates: Keeping software up-to-date is key. Hackers exploit vulnerabilities when they find them, so keeping software as current as possible is a must to keep a network secure. Patch management software can help keep track of updates as they become available and easily make changes.
  • Simple Cybersecurity Policies: In addition to regular employee training, keeping a cybersecurity policy documented will serve as a great reference for staff. The policy should define a clear set of rules and instructions for employees to practice.
  • Data Backup: If a cyberattack does break past your defenses, having a backup solution in place is the only way to ensure you can get back to business. Implement a solution that takes multiple, daily backups. A strong backup solution will conduct incremental backups, so no single backup is dependent on another, and a business can recover to any point in time before an attack.
  • Enabling Uptime with Instant Recovery: A modern data protection solution will offer “instant recovery” of data and applications. Keeping backups of your data is step one, being able to rapidly restore it is step two. Application downtime equates to lost revenue. Choose a data protection solution that succeeds at backing up data in the most intelligent way and can restore quickly.
  • Keep track of Where Data Lives: When data lives in multiple places, it becomes easier for unauthorized individuals to compromise your systems. Keeping track of where your data lives is a huge piece of the security puzzle. The more places data exists, the more likely is it that unauthorized individuals will be able to access it. Avoid “shadow IT” with business-class SaaS applications that allow for corporate control of data.
  • Controlled Access: Implement a key card system to control access to your facilities. Enforcing strong password policies is also necessary in a secure work environment. Your IT staff should be the only ones with administrative privileges, as they will be vigilant about keeping systems and software up-to-date.

In today’s cyber environment, keeping data secure is crucial, but it’s a lot easier said than done. By following the 9 pieces of advice listed above, businesses can take the right steps toward a total cybersecurity strategy.