- Created: Tuesday, 16 March 2021
- Written by Paul Grigg
Your IT is only as secure as your weakest link. But what are the links? And how do you strengthen them?
- Each person should have a unique strong password for each account, application and website
- Enable two-factor authentication for every account that supports it
- Use a password manager. LastPass Enterprise will “score” each person so you can see who is not following best practices
- Ensure all devices are protected at all times by a firewall, next-gen antivirus, web filtering and email filtering
- Ensure security patches are installed as soon as possible. Not just Windows updates, but your applications too e.g. Chrome, Adobe Reader etc
- Don’t take it on trust that everything is doing its job; actively monitor each device
- Regularly back up all business-critical data off-site, and retain it for an appropriate length of time. Make sure your colleagues aren’t storing data anywhere that isn't backed up. Test that your backups actually work by carrying out a full disaster recovery test.
- Protect your data from physical theft. Encrypt devices at risk of being lost or stolen such as PCs in public areas, laptops, mobiles etc
- Limit the damage that can be done from a single compromise by making sure each person only has access to the data they need to do their job.
- Document your IT policies - Acceptable use, BYOD, Security etc
  - Make sure they are simple and easy to follow e.g. don’t just say “Use a strong password”, spell it out “10+ characters, 1 upper, lower, digit, symbol, isn’t easy to guess”
  - Enforce them by technical means where possible e.g. setting minimum password length and complexity.
- Document your IT procedures and ensure they are not vulnerable to social engineering
  - Instil a culture of insisting procedures are followed, and always insist they are followed yourself
- Train your staff how to spot threats, what they should do if they think they might have been compromised, and who they should report incidents to
- Carry out simulated phishing attacks and provide additional training to anyone that falls for them
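
The password rule spelled out in the policy item above ("10+ characters, 1 upper, lower, digit, symbol, isn't easy to guess") can be enforced at the point where a password is set. The following is an added example, not part of the original article; the word list, the `personal_terms` parameter and the function names are assumptions made for illustration.

```python
import re

MIN_LENGTH = 10  # from the policy wording: "10+ characters"

# Constructed sample deny list; a real deployment would load a far larger
# list of common or known-breached passwords.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome"}

# Undo common look-alike substitutions so "P@ssw0rd" is seen as "password".
_LOOKALIKES = str.maketrans("0134578@$!", "oieastbasi")


def policy_violations(password, personal_terms=()):
    """Return a list of policy violations; an empty list means compliant.

    personal_terms (hypothetical parameter): names the user is likely to
    reuse, such as their own name or the company name.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for pattern, message in [
        (r"[A-Z]", "no upper-case letter"),
        (r"[a-z]", "no lower-case letter"),
        (r"[0-9]", "no digit"),
        (r"[^A-Za-z0-9]", "no symbol"),
    ]:
        if not re.search(pattern, password):
            problems.append(message)

    # "Isn't easy to guess": compare the letters left after undoing
    # substitutions and stripping digit/symbol padding.
    letters = re.sub(r"[^a-z]", "", password.lower().translate(_LOOKALIKES))
    if any(word in letters for word in COMMON_PASSWORDS):
        problems.append("built on a common password")
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in letters:
            problems.append(f"contains personal or company term '{term.lower()}'")
    if re.search(r"(.)\1{3,}", password):
        problems.append("same character repeated four or more times")
    return problems
```

A password such as `P@ssw0rd2021!` satisfies every length and character-class rule yet is still rejected, which is why the "isn't easy to guess" part of the policy needs its own check.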
Working from home? Every single point applies equally to home workers and their home working setup, even if working from a personal device. If you make exceptions for home working, then that becomes your weakest link!
Do you have any weak links you would like to improve? Or is your current IT provider letting you down? Engage telanova as your IT team!