IT Security – Best Practices

14.08.18

You are probably going to roll your eyes at some of these security practices because, in this day and age, they are considered common sense. Nevertheless, they are an important part of your IT security best practices, and you, your business and your IT consultancy are all responsible for them.


Keep Your Software Up to Date

It sounds dumb, but hackers and brute-force programmers are counting on you not keeping your software up to date. They did not spend months working on a program to circumvent your software security only for you to update your systems and send them back to square one. They want to use their program, so they will look for as many devices as possible that still run an outdated piece of software.


BYOD Needs to Be Highly Regulated

A “Bring Your Own Device” (BYOD) policy may be a big money saver. For example, if a warehouse operative needs to keep in touch with lorry drivers over WhatsApp, then allowing your operatives to use company Wi-Fi on their own devices saves money and a lot of fuss. However, stealing data is far easier when people on the inside have compromised devices, and in many cases your control over how much data leaves your area of influence is weakened. A controlled, integrated system is much more secure.


Backup Your Data to Save Money

The amount of money you can save by backing up your data is legendary. Even backing up a website can save you thousands, because you do not have to pay people to replace the content of your web pages. Plus, the loss of data is sometimes serious enough for others to take legal action against you.


Backup to Reduce Damage from Ransomware Attacks

Ransomware tends to lock down data rather than systems. If you have your data saved on backups, then regaining control and freeing yourself from the hijacker is quite simple.


Set Up Strong Passwords That Are Routinely Changed

Passwords need to be long, and they need to contain uppercase characters, lowercase characters and numbers. They also need to be changed routinely to invalidate the work that brute-force programs have been doing. Restrict any chance of laziness, for example by setting up a password system in which people cannot reuse old passwords and cannot choose a password that is similar to their previous one.
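The policy described above (length, mixed case, digits, no reuse of earlier passwords, no near-copies of the previous one) can be enforced at password-change time. The following is an added example, not code from the original article; the thresholds, the PBKDF2 storage of old passwords and the use of `difflib.SequenceMatcher` as the similarity measure are all assumptions.

```python
import hashlib
import hmac
import os
from difflib import SequenceMatcher

MIN_LENGTH = 12        # assumed; the article only says "long"
HISTORY_SIZE = 10      # assumed number of earlier passwords remembered
MAX_SIMILARITY = 0.6   # assumed; a SequenceMatcher ratio at or above this is "similar"


def _digest(password: str, salt: bytes) -> bytes:
    # Earlier passwords are stored only as salted PBKDF2 hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class PasswordHistory:
    def __init__(self) -> None:
        self._entries: list[tuple[bytes, bytes]] = []  # (salt, digest), oldest first

    def contains(self, password: str) -> bool:
        return any(hmac.compare_digest(_digest(password, salt), digest)
                   for salt, digest in self._entries)

    def record(self, password: str) -> None:
        salt = os.urandom(16)
        self._entries.append((salt, _digest(password, salt)))
        del self._entries[:-HISTORY_SIZE]  # keep only the newest HISTORY_SIZE entries


def composition_problems(password: str) -> list[str]:
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    return problems


def too_similar(new: str, current: str) -> bool:
    # Similarity can only be judged against the current password, which the user
    # types in plaintext at change time; the older ones exist only as hashes.
    return SequenceMatcher(None, new.lower(), current.lower()).ratio() >= MAX_SIMILARITY


def validate_change(new: str, current: str, history: PasswordHistory) -> list[str]:
    """Reasons the change is rejected; an empty list means the new password is accepted."""
    problems = composition_problems(new)
    if too_similar(new, current):
        problems.append("too similar to the current password")
    if history.contains(new):
        problems.append("used before")
    return problems
```

On a successful change the caller should `record()` the outgoing password so it cannot be chosen again later.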


Limit Access to Accounts with Permissions

You can set up permissions on IT devices and even on websites and servers. Limit the amount of harm a single person can do by limiting each employee’s access to certain IT functions. This also limits the amount of damage that can be done if a certain employee’s account is compromised.


Make Sure You Have an Up-to-date Anti-virus and Firewall Program

Anti-virus programs are amazing these days, so it is worth investing in a very good one. Set up your firewall and have an expert on your team who manages it. Keep the firewall current and up to date, and adapt it to react to online threats as they arrive.


Set Up Protocols for Dealing with Phishing Scams and Scamming Phone Calls

Figure out which of your staff members are able to answer phones and read emails. Identify where spam and scam messages are coming from and try to stop them getting through to your systems and your staff. Limit the number of people who are able to deal with such messages, and make sure that those staff members are careful when handling emails and calls.


Make Sure That Devices Cannot Be Left Unattended or Tampered With

If an employee could accidentally leave a device unattended, then all precautions should be taken, such as password protection, tracking and the ability to remotely wipe the hard drive. Every physical means people have of tampering with your hardware should be cut off or eliminated, so that only systems administrators have direct physical access to it.


Document Cybersecurity Policies to Help You Hold People Accountable

Formalising your cybersecurity policies in documents is common sense because it helps guide old and new employees. Plus, it enables you to hold people accountable if there is a security breach. The people who allowed it to happen need to be penalised or fired because they took their eye off the ball.


Privileged Users Need Watching

Take extra precautions (both secretly and overtly) to watch over the people in your organisation who have special IT/account privileges. You are supposed to be looking for signs they are not taking security seriously, signs that they are acting incorrectly, and even signs that they have been compromised. Don’t forget that good employees can be compromised. You can spend all the money you like on high-tech firewalls, but it won’t stop your systems administrator’s dog from being held hostage.


Scare Your Staff

It sounds crude, but the idea that “we are watching” is very effective. People who are God-fearing will not act immorally because they know God is watching. If people think you are watching, even if you are not, then they are far less likely to act incorrectly. You do not have to watch as closely as your staff think you do, because you are aiming for the psychological angle. You are shining the bat symbol in the sky even on Batman’s night off.

If you are unclear whether your IT security is up to standard, give us a call on 0117 325 0370 to discuss.