- Educate employees about security best practices. 52% of all data breaches, according to CompTIA, are caused by human errors such as clicking on links or attachments in phishing emails. To minimize this risk, allow your IT provider or IT team establish security policies, train your employees on best practices and consistently remind them that these best practices provide the first line of defense in keeping their systems and data safe.
- Update your software regularly. When workloads increase, it’s easy to put off software updates. But, if there is one lesson we can all learn from data breaches like WannaCry, the ransomware attack that took down more than 200,000 computer systems last year, it’s this – keep your software up to date. Each of the breached computers was at least two months behind on their security updates.
- Take a multilayered approach to IT security. Another vital point to keep in mind with security is that there is no single service that protects networks in all situations. It requires multiple services such as Managed Antivirus, Managed Patch Management, Web Content Filtering, Mail Security and backup to prevent threats coming through. Implementing layered controls also limits what can be accessed if a breach occurs. The Equifax data breach, which exposed the sensitive information of 143 million American consumers, is an excellent example to keep in mind. According to a company statement, the breach exploited a web application vulnerability to access specific files over a period of several months. In an article from The New York Times about the breach, a fraud analyst from Gartner pointed out that Equifax should have had layered controls in place to help limit damage from the attack.
- Don’t leave backup to chance. Sometimes even with the best systems in place, ransomware or other malware can slip through and infect data and files. Rather than putting yourself in a situation where you have to pay a cyber criminal to unlock your data, it’s essential to have a managed backup and disaster recovery (BDR) solution in place. If you’re using unmanaged backup software, you won’t be alerted if it stops performing daily backups, which typically happens after a software update or if someone temporarily turns off a backup and forgets to reenable it. Plus, if you just need a specific set of files recovered, it’s a bit excessive (and time-consuming) to restore an entire system. It’s well worth the investment to use a managed BDR that includes file- and image-based backup—locally and in the cloud—to cover all your bases.
- Perform security audits. It is important that someone either you, your IT provider or your IT team to perform regular security audits whether it is monthly, quarterly or at worst annually. Doing security audits helps make sure that your cyber security services are up-to-date and protecting your systems. Just like your vehicle, security measures and practices should be maintained regularly or at least reviewed to help minimize your risks of attacks.