A friend of mine sent me an article this morning and I found it very interesting. The article dealt with cyber security and the threat cyber attacks pose to every business. In the article, DHR International states that only 37 percent of boards have a plan in place with regard to cyber security and 58 percent don’t practice for a potential breach. I was surprised because news organizations cover most major breaches. We hear the stories of the many millions it costs places like Target and Michaels and the Federal Office of Personnel Management.
“What do you currently have set up?”

The first thing you need to do is to assess where you are. If you don’t have a baseline, it’s hard to know how to improve. Some of the things you should look at are:
- Do you have a UTM firewall? UTM stands for Unified Threat Management. A UTM firewall is valuable because it can scan the data coming into your network for malicious code. Does the firewall block all incoming and outgoing ports except the ones you use? Most firewalls block the incoming ports but allow anything to go outbound. This is dangerous because once you have malware on your computer, you want to block it from being able to send information out.
- Do you have updated anti-virus in place? Does the anti-virus include anti-spyware and anti-malware? I see many, many computers that don’t have A/V installed or don’t have it up to date. It is very inexpensive to have a managed anti-virus service. How much will it cost you if someone hacks you with a simple virus that would have been caught with updated anti-virus?
- Do you allow your employees to access email on their phones? Do you have policies in place to force a passcode on those devices? What information is in your email that you don’t want others to get? Most email systems can deploy simple security measures for mobile devices. I recommend either Office 365 or Google Apps for Work because both include mobile device policies.
- Do you require a password that is managed centrally on all computers and laptops? If your employees take their laptops with them, you want to make sure that they have a secure password that can’t be cracked, and you should possibly even consider encrypting the hard drive. Secure passwords are ones that are random and only mean something to you. You should use uppercase, lowercase, numbers, and symbols. Also, try to make all of them slightly different. Password databases like KeePass can help you keep all your passwords in one place. Just make sure the password locking that database is difficult to guess and long.
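
The outbound-filtering question from the firewall item above, as an added example that is not from the original article: a small Python model of first-match firewall rules that lists which outbound ports a policy leaves open beyond the ones the business actually uses. The rule format, both policies and the list of needed ports (53, 80, 443, 587) are constructed assumptions, not any vendor's configuration format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out"
    action: str      # "allow" or "deny"
    ports: range     # destination ports this rule matches

def decide(rules, default, direction, port):
    """First matching rule wins; otherwise the per-direction default applies."""
    for rule in rules:
        if rule.direction == direction and port in rule.ports:
            return rule.action
    return default[direction]

def unexpected_egress(rules, default, needed):
    """Return (first, last) port spans that may leave the network but are not needed."""
    spans, start = [], None
    for port in range(1, 65537):          # 65536 is a sentinel that closes the last span
        is_open = (port <= 65535 and port not in needed
                   and decide(rules, default, "out", port) == "allow")
        if is_open and start is None:
            start = port
        elif not is_open and start is not None:
            spans.append((start, port - 1))
            start = None
    return spans

# Constructed sample data: ports this hypothetical office needs outbound
# (DNS, HTTP, HTTPS, mail submission).
NEEDED = {53, 80, 443, 587}

# Typical weak setup: inbound is default-deny, outbound is default-allow.
WEAK_DEFAULT = {"in": "deny", "out": "allow"}
WEAK_RULES = [Rule("in", "allow", range(443, 444))]

# Hardened setup: default-deny in both directions, explicit outbound allows only.
HARDENED_DEFAULT = {"in": "deny", "out": "deny"}
HARDENED_RULES = [Rule("in", "allow", range(443, 444))] + [
    Rule("out", "allow", range(p, p + 1)) for p in sorted(NEEDED)
]

if __name__ == "__main__":
    for name, rules, default in (("weak", WEAK_RULES, WEAK_DEFAULT),
                                 ("hardened", HARDENED_RULES, HARDENED_DEFAULT)):
        spans = unexpected_egress(rules, default, NEEDED)
        print(f"{name}: {len(spans)} unneeded outbound span(s) open: {spans}")
```

An empty result for a policy means every outbound port it permits is one you listed as needed; anything else is a path malware on an internal machine could use to send data out.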