Written by Jay Fredkin
All business owners require information technology to run their business. This list discusses the basic areas required to have safe and productive information systems. Threats can come from outside or inside your organization, or due to poor IT management. Know these 10 areas, commit to them, and you will have a secure program.
1. Know your personnel and who has access to your system.
Administrative access gives a lot of control. Never provide access to those who do not need it. Only provide access for what personnel need to know. Background checks should be done as well.
2. Know your program.
It is okay to be informal – but you have a program whether it is planned or de facto. Security matters. Know the laws and customer requirements as they pertain to you.
3. Talk about security – ask about security.
Talking creates awareness. Asking questions emphasizes your commitment to the program. Don’t accept noncompliance that can compromise your business.
4. Know what your mission critical systems and applications are.
Those applications that are required to run your business should receive your priority attention.
5. Have a data and application backup and availability plan.
Those critical applications have critical data. Back up the data. Geographically and digitally separate mission critical apps and data. Have a disaster recovery plan so you can bring the critical applications back online as quickly as you need them.
6. Keep software patches current.
Patches are critical to security maintenance. Be diligent here, or the hackers will know how to exploit you.
7. Use malware and antivirus software.
Take the next step and use Network Intrusion Detection and Prevention tools too. Install firewalls to protect your assets.
8. Employ good password management policy.
Use strong passwords. In more critical cases, expire passwords and use multi-factor authentication. If possible, employ a centralized management tools and processes, like Active Directory, so you can quickly and thoroughly take away privileges.
9. Maintain an Incident management plan.
When there’s a problem, who needs to know and who can solve the problem? Don’t leave this to chance. Create a game plan before it happens.
10. Remember that physical security matters!
Lock critical equipment up, otherwise someone can steal critical equipment or tamper with it.
I know I said 10, but this one is important too:
11. Control vendor access to your systems.
Know who the vendors are and what systems they have access to. IT people like leaving backdoors open so they can get into applications and systems. So can hackers, or disgruntled employees.
You can use this list like a checklist to see where you stand. Employing secure systems is a journey. In those areas that you are vulnerable, start the process of mitigating the risk. Attack the easiest solution and largest risk issues first, whether you do it yourself, or bring in consultants to support the process – make sure it is on your radar screen. To learn more about our cybersecurity and custom software offerings, request a consultation call today!
About CABEM Technologies LLC:
Founded in early 2002, CABEM Technologies is a custom software company that provides sophisticated products, solutions, and technology services to a discerning client base. With expertise in custom development and cybersecurity, we provide solutions to a variety of markets including healthcare, government, manufacturing, financial, environmental, and more.