As with any well-built system, effective cyber security begins with building a solid security foundation. Without thoughtful attention to building a good foundation, a business will remain vulnerable to hacks and breaches until it finally decides to face cyber security issues head on.
When addressing an issue, one must first assess all the security issues, both the obvious and the potential ones. The assessment of a company’s technology vulnerabilities must be performed by someone with a high level of expertise in evaluating the company overall for sub-standard IT practices.
After determining all the security holes that need attention, the next step is to create a proactive plan that will address each potential threat. The plan should include both steps that can be taken to avoid a security problem altogether and a solid recovery plan to initiate in the event the worst should happen and a breach is discovered.
A comprehensive security plan will consist of several key components, including:
Sometimes there is a delicate balance between applying security measures to ward off the threat of intrusion and still providing enough openness in a computer system to allow employees to actually complete their daily tasks. A good security team will assess what their client needs in terms of effective security, but in a balanced manner, so that their security efforts do not hinder daily operations.
Addressing Mobile and Remote Access
Even if all employees in a given company work on-site, it is a rare company that does not allow at least some off-site mobile and/or remote access to corporate systems by its staff members. As work life becomes more and more intertwined with personal time, the security risks associated with off-site access, if not addressed, mean a company will remain vulnerable to hacks and data breaches.
In the past, ensuring that all corporate PCs had anti-virus software installed might have been enough to combat threats. With every passing year, however, hackers and data thieves become more ingenious in their behavior. A good security plan will include securing endpoints through configuration and patch management, solid firewalls, application controls, data loss protection, and in some areas, data encryption.
Enforcing Multi-Factor Authentication
More and more businesses are requiring multi-factor authentication before their employees can access corporate systems and data. Many breaches have occurred from the use of woefully inadequate passwords such as “1234567” or “ABC”. Of course, companies should also support their multi-factor authentication measures by enforcing the use of strong passwords.
If you would like to know more about how to build a good security foundation in order to protect your corporate IT assets, please contact us.