Many people ask our engineers for information security advice, so we decided to put together a list. It started at 5 tips and grew to over 20, so we have limited this post to 10 to keep some focus. We will share the other 10 with you next month!
You are a target
Never say "it won't happen to me": everyone is a target. Attackers do not need to single you out; most attacks are automated and opportunistic, so we are all at risk, and the stakes are high for your personal and financial well-being and for that of your company or organisation.
Beware of phishing
Be wary of "official looking" emails that try to trick you into divulging personal information or credentials, or that ask you to transfer money or make a payment. Check the actual sender address rather than the display name, and confirm any unusual payment request through a channel you already trust (a phone number you know, not the contact details given in the email).
Passwords
Use strong, unique passwords: a password reused across services means one breach exposes all of them. Length matters more than a forced mix of character classes; aim for at least 12 characters, and a passphrase of several unrelated words, or an acronym that gives you a mental image, is easier to remember than a short jumble of symbols. Your password policy should enforce the minimum length and screen new passwords against lists of known-breached passwords. Current guidance (NIST SP 800-63B) recommends against forcing routine expiry; change a password when there is reason to believe it has been compromised. A password manager lets staff keep a different long password for every account without memorising any of them.
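The breached-password screening mentioned above can be done without ever sending the password anywhere. The following is an added example (not code from the original post) of the k-anonymity scheme used by the Have I Been Pwned "Pwned Passwords" range API: only the first five hex characters of the SHA-1 hash leave your network, and the returned list of suffixes is matched locally. The range response and the word list here are constructed stand-ins, as is the breach count shown; a real check fetches the response for the computed prefix over HTTPS.

```python
import hashlib
import secrets
from typing import List, Tuple

MIN_LENGTH = 12

# Constructed stand-in for the response the range API returns for prefix "5BAA6".
# Real responses list every known suffix under that prefix with its breach count.
CONSTRUCTED_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0000000000000000000000000000000000A:1
"""

# Constructed, deliberately tiny word list; a real generator uses a list of
# several thousand words (e.g. the EFF long list) so each word adds ~12.9 bits.
WORDS = ["orbit", "cactus", "velvet", "anchor", "plaza", "thimble", "glacier", "saffron"]


def hibp_range_parts(password: str) -> Tuple[str, str]:
    """Split SHA-1(password) into the 5-char prefix that is sent and the suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, range_response: str) -> int:
    """Match the local suffix against the lines 'SUFFIX:COUNT' returned for our prefix."""
    _prefix, suffix = hibp_range_parts(password)
    for line in range_response.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def check_password(password: str, range_response: str, min_length: int = MIN_LENGTH) -> List[str]:
    """Return the policy problems with a proposed password (empty list means acceptable)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    hits = breach_count(password, range_response)
    if hits:
        problems.append(f"appears in known breaches ({hits} times)")
    return problems


def generate_passphrase(n_words: int = 5, wordlist: List[str] = WORDS, sep: str = "-") -> str:
    """Passphrase from a CSPRNG; `secrets` rather than `random`, which is not safe for this."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    for candidate in ["password", "correct horse battery staple"]:
        print(candidate, "->", check_password(candidate, CONSTRUCTED_RANGE_RESPONSE) or "ok")
    print("suggested:", generate_passphrase())
```

The length check is deliberately the only composition rule: a 12-character lower-case passphrase beats an 8-character password that merely satisfies "one digit, one symbol", and the breach screen catches the predictable choices that composition rules never did.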
Multi Factor Authentication
Multi-factor authentication (MFA) is one of the most effective single controls for protecting online accounts. Passwords get compromised through phishing, reuse and breaches, and once one is, a criminal can simply log in as you. MFA requires a second proof of identity at login, such as a code from an authenticator app, a push prompt, a hardware security key or, as a weaker fallback, a text message (SMS codes can be intercepted via SIM-swap attacks, so prefer an app or key where the service supports it). It is imperative to have MFA on all web-based applications, e.g. Office 365, Salesforce, Xero, Dynamics 365, SharePoint. Examine which of your applications are reachable from the internet and enable MFA on all of them, starting with email and administrator accounts.
Protect your data
Make sure data at rest is encrypted on laptops, desktops and servers (full-disk encryption such as BitLocker, FileVault or LUKS), so that a lost or stolen device does not become a data breach. GDPR does not literally require every piece of personal data to be encrypted: Article 32 lists encryption as one example of an "appropriate technical measure", but a regulator will expect a very good reason if an unencrypted device holding personal data goes missing. Bear in mind that disk encryption only protects a device that is powered off or locked; it does nothing against malware running while a user is logged in, so it complements rather than replaces the other controls on this list.
Use of Mobile devices
Make sure a PIN or passcode and automatic screen lock are enforced, and that any phone receiving company email or data is enrolled in your mobile device management (MDM) so that you can control its security settings and remotely wipe the phone, or just your organisation's data on it, if the phone is lost or stolen.
Back up your data
All information should be saved to file-server drives or cloud storage (SharePoint), which in turn should be backed up; no important data should live only on a local device. Keep at least one backup copy offline or otherwise unreachable from the production network, because ransomware will encrypt or delete any backup it can reach, and test restores regularly: a backup that has never been restored is only an assumption.
Have an incident response plan
If your company or organisation has a data breach, or data is accidentally exposed through a phishing scam, what do you do? Put a plan in place before it happens: who is told first, who decides whether to isolate systems, who talks to customers, and who notifies the regulator (under GDPR a reportable personal-data breach must be notified to the supervisory authority within 72 hours of becoming aware of it). Then examine your information security policy. Is it up to date? Do you have one?
Train your staff
The human factor in information security is something you cannot ignore. Add cyber security awareness to your onboarding process, and carry out regular IT security awareness training for all staff covering anti-phishing, ransomware prevention, secure mobile computing and data protection.
Limit employee access
Ensure that only those employees who need access to sensitive data, files and documents have it (the principle of least privilege). When every employee can reach every resource, a single compromised account or phishing click exposes everything. Review share and folder permissions periodically, watch for broad grants such as "Everyone" on sensitive folders, and remove access that is no longer needed, for example when someone changes role.
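The permission review described above is easy to automate once you have an export of who needs each sensitive share and what the ACLs actually say. The following is an added example (not code from the original post) that resolves group membership and flags two classes of finding: broad principals on a sensitive share, and users who hold access without being in a need-to-know group. The shares, groups, users and ACL entries are constructed sample data; a real run would read them from an ACL export and your directory.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample data. Shares listed here are sensitive; anything else is not reviewed.
NEED_TO_KNOW: Dict[str, Set[str]] = {
    r"\\fs01\Finance\Payroll": {"finance-team"},
    r"\\fs01\HR\Personnel": {"hr-team"},
}
GROUP_MEMBERS: Dict[str, Set[str]] = {
    "finance-team": {"alice", "bob"},
    "hr-team": {"carol"},
    "domain-users": {"alice", "bob", "carol", "dave"},
}
# Principals that mean "effectively everybody"; they never belong on a sensitive share.
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "domain-users"}

# (share, principal, rights) as an ACL export might list them.
ACL_EXPORT: List[Tuple[str, str, str]] = [
    (r"\\fs01\Finance\Payroll", "finance-team", "Modify"),
    (r"\\fs01\Finance\Payroll", "dave", "Read"),        # stale grant from a past project
    (r"\\fs01\HR\Personnel", "hr-team", "Modify"),
    (r"\\fs01\HR\Personnel", "Everyone", "Read"),       # broad grant
    (r"\\fs01\Public", "domain-users", "Read"),         # fine: not a sensitive share
]

Finding = Tuple[str, str, str, str]  # share, principal, rights, reason


def resolve(principal: str, group_members: Dict[str, Set[str]]) -> Set[str]:
    """Expand a group to its members; an unknown principal is treated as a single user."""
    return set(group_members.get(principal, {principal}))


def audit_acl(acl: List[Tuple[str, str, str]], need_to_know: Dict[str, Set[str]],
              group_members: Dict[str, Set[str]]) -> List[Finding]:
    """Return every ACL entry on a sensitive share that exceeds the need-to-know list."""
    findings: List[Finding] = []
    for share, principal, rights in acl:
        required_groups = need_to_know.get(share)
        if required_groups is None:
            continue  # not sensitive, nothing to check
        if principal in BROAD_PRINCIPALS:
            findings.append((share, principal, rights, "broad principal on sensitive share"))
            continue
        allowed = set().union(*(group_members[g] for g in required_groups))
        extra = resolve(principal, group_members) - allowed
        if extra:
            findings.append((share, principal, rights,
                             "outside need-to-know: " + ", ".join(sorted(extra))))
    return findings


def effective_access(acl: List[Tuple[str, str, str]], need_to_know: Dict[str, Set[str]],
                     group_members: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """For each sensitive share, the users who can actually reach it once groups are expanded."""
    everyone = set().union(*group_members.values())
    access: Dict[str, Set[str]] = {share: set() for share in need_to_know}
    for share, principal, _rights in acl:
        if share not in access:
            continue
        users = everyone if principal in BROAD_PRINCIPALS else resolve(principal, group_members)
        access[share] |= users
    return access


if __name__ == "__main__":
    for share, principal, rights, reason in audit_acl(ACL_EXPORT, NEED_TO_KNOW, GROUP_MEMBERS):
        print(f"{share}: {principal} ({rights}) - {reason}")
    for share, users in effective_access(ACL_EXPORT, NEED_TO_KNOW, GROUP_MEMBERS).items():
        print(f"{share}: reachable by {', '.join(sorted(users))}")
```

The effective-access view is the one to show managers: it lists people, not groups, which is what it takes to notice that an HR folder is readable by the whole company or that someone who left the finance team still has a direct grant.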