Cyber security should be top-of-mind for everyone who uses a computer or mobile device, and especially business owners and executives. But how do you know that your IT systems (whether on-premise or in the Cloud) are being properly protected by your IT staff or outsourced IT firm?
Here’s a checklist of critical cyber security safeguards that should be in place for your NJ business — all of which IND Corporation offers its clients, and many of which are included in our TotalCare comprehensive managed IT services plans.
- Conduct a quarterly system analysis. You don’t know where your weak points are unless you’re looking for them. It’s important to have a managed IT services firm assess your infrastructure and provide you with a full report, as well as an action plan for addressing weaknesses.
- Install and update anti-virus and anti-malware software. These should be enterprise-level, so make sure you are not getting an anti-virus program that can be disabled by users or requires user intervention. Enterprise-level anti-virus software cannot be disabled by your users (and trust us, malware in particular is not anything you want to deal with). Software should be updated when new releases are available (almost every night); this happens automatically for our TotalCare clients.
- Implement employee cybersecurity training. At IND Corp., we offer training to your employees on how to recognize dangerous phishing emails. All it takes is one wrong click to infect your system and cause expensive downtime for everyone. Cyber security training programs should include both video training and testing, so that you ensure employees (your weakest link) know how to identify malicious emails.
- Encrypt email and put anti-spam controls in place. This is especially true for any organization dealing with sensitive personal information, such as healthcare facilities, medical practices, or financial institutions. Personally-identifiable information should never be sent by regular email; it must be encrypted.
- Deploy endpoint encryption. This happens on any computer (the endpoint) where work is being done. Data that is saved on the device’s hard drive should be encrypted, which protects it from being read or removed from the device should the device be lost or stolen.
- Manage your firewall. A firewall is a critical layer of protection around your computing infrastructure, screening out hackers, viruses and worms that can infect your system over the internet. It can be a software program or piece of hardware. Either way, it is vital that your IT partner not only subscribes to the manufacturer’s update program but also performs the latest security updates on your system. Without these updates, you leave the cybersecurity door wide open.
- Mobile device management. If your employees are using company-issued mobile devices, installing mobile device management (MDM) software will enable you to control access to company data and systems on those devices. You can also track the devices and wipe data, shut them down, or deny access remotely. You may also deploy MDM software onto employee-owned devices that controls access to files and systems but does not control the device itself.
- Password management. You have numerous users, and dozens or hundreds of accounts that your employees use to access your Cloud-based applications and Cloud-based vendors (like your company Twitter account). How do you securely store those passwords, and control access to passwords? The days of using an Excel file to organize your passwords are over, as Sony has proven. You need a password management system that stores unique passwords for each of your vendors’ websites, and provides access to each user based on their role in your business, without anyone having to write anything down.
- Two-factor authentication. This is another way to protect access to files and systems during log-in. It’s no longer good enough to accept one password; double your log-in security with a two-factor token on all your business-critical systems to ensure only authorized personnel are accessing your systems.
- Security Information and Event Management (SIEM). This monitors your system for real-time security events, like unauthorized parties trying to access your systems, and takes action in real time. We look for security-related events on your network, servers, and network hardware, and alerts are sent to our central monitoring station, where our engineers can perform real-time analysis and take action as needed to keep your business safe.
How does your current IT provider stack up in proactive cyber security? Don’t leave your network vulnerable when there are measures you can take to safeguard it. Contact IND Corporation for a cyber security analysis, and to discuss all the ways we proactively monitor and manage computing infrastructure for companies throughout New Jersey.