The below article was originally published on CSO Online.
A security practitioner who isn’t worried about a breach is a rare find in the industry. Even if you are taking all the right steps to protect your assets, there is still a pretty good chance that your network will be compromised.
For those who are new to security, you might be asking, “What are the right steps?” Jason McMahan, director of technology at Concept Technology, offered tips on how to help mitigate the risk of an attack and obtain a more cost-effective insurance policy.
McMahan said, “Cyber-security protection and liability insurance have a symbiotic relationship. By showing underwriters that strides are being made to reduce cyber-liability and keep data safe and easily recoverable, businesses may be able to secure lower premiums for their insurance.”
Here are six steps you can take to prove you are proactively trying to reduce risk.
1) Encrypt your wireless network
Make sure your network is encrypted. The level of security needed will depend on your company’s needs. Business data will often require multiple layers of encryption. Don’t use memorable passwords. Ensure that application-level traffic is also encrypted between computers using secure methods such as TLS.
Wi-Fi pre-shared keys will never cut it for sensitive data. Have even stronger levels of security, such as individual usernames and passwords with access-level rights (which can even be specific to the device), versus one network password used by everyone in the company.
Additional security measures, such as time restrictions, segmentation, and intrusion monitoring can be brought to bear in order to minimize exposure.
2) Backup data consistently
Make sure that your data is always secure and readily available. Significant data loss can result in financial costs, especially if your data is attacked by ransomware. If your business doesn’t have an enterprise-grade backup and file sync system with strong encryption and controls, now is the time.
On-premise backup solutions and cloud-based services, along with hybrid solutions, remain the most popular ways to backup data. You can use any of these, but you still have to determine how the data should be properly saved.
3) Establish 24/7 computer network monitoring
Remote monitoring software can help fend off cyber-attacks by sending alerts to changes or problems immediately. The software is installed on each device that uses the network, and then reports any and all information back to a central server. As the software checks on the devices in regular intervals, activity reports are compiled. This kind of system is great for mission-critical servers or applications that have to be available 24/7.
Monitoring can flag when malicious attempts are being made to access the network. Thresholds can then be set in the software to warn system managers if the number of incorrect logon attempts reaches a pre-defined threshold.
If a hacker does successfully gain control of a system and begins to make changes, intrusion detection systems (IDS) can also report the changes that were made. It’s an important aspect of full-scale cyber-attack protection.
4) Proactively research and be aware of evolving cyber-security threats
A system can’t be set up once and then left alone. Businesses should work proactively to stay ahead of any developments in cyber-attacks. By taking the time to intentionally remain updated with industry and cyber-security news sources, and then using that information to analyze and adjust existing systems, businesses are able to maintain their system’s security.
5) Regularly educate employees on your company’s data policy and procedures
Businesses should make education a priority when it comes to cyber-security policies and have mandatory employee training on cyber-security as part of the on-boarding process. Ensure that every person realizes the implications of their actions, and how they might cause a data breach or security leak.
Training should be ongoing for everyone in the company. Have a dedicated security officer, or a person to step into that role as needed, to ensure that cyber-security policies are being enforced and to oversee changes.
When talking about cyber-attacks and network security, the more education the better. After all, if employees don’t realize their actions are potentially compromising security, they’ll keep doing whatever makes their job easy.
6) Frequently ensure your anti-virus protection and web security are up-to-date and active
Anti-virus software is a must. For companies with any number of computers, it’s important to know if anti-virus software is installed, active, and up-to-date. Central managed software is a great tool for this; otherwise, computers must be configured and checked individually for policy compliance, and security alerts will go unnoticed.
Set up web and email security to provide click protection and block inappropriate websites and unwanted senders. Hackers, such as those using ransomware, are well-funded, and the response time on finding workarounds for security software is shrinking, meaning not having properly updated anti-virus or network security software can be disastrous.