A Cyber Security checklist for your medium-sized business

Joel Elias Cyber Security Leave a Comment

Nation wide reports show that more than two-thirds of business owners do not have a disaster recovery ( DR ) plan in place and in fact on top of that, 71% of small business owners choose not to buy business interruption insurance. 

Considering this is a an alarming statistic we have put together a checklist of items you can begin addressing immediately in order to make your small or medium sized business network prone to an attack 

Control access to your computers

Use key cards or similar security measures to control access to facilities, ensure that employees use strong passwords for laptops and desktops. Administrative privileges should only be given to trusted IT staff.

Know where your data resides

Maintaining oversight of business data is an important piece of the security puzzle. The more places data exists, the more likely it is that unauthorised individuals will be able to access it. Avoid “shadow IT” with business-class SaaS applications that allow for corporate control of data

Protect your network and devices

  • Implement a password policy that requires strong passwords that expire every 90 days.
  • Implement multi-factor authentication.  
  • Deploy firewall, VPN and antivirus technologies to ensure your network and endpoints are not vulnerable to attacks. Ongoing network monitoring should also be considered essential.
  • Encrypt hard drives.

Keep software up to date

It is essential to use up-to-date software products and be vigilant about patch management. Cyber criminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data.

Create straightforward cyber-security policies

Write and distribute a clear set of rules and instructions on cyber-security practices for employees. This will vary from business to business but may include policies on social media use, bring your own device, authentication requirements, etc.

Back up your data

Daily backups are a requirement to recover from data corruption or loss resulting from security breaches. Consider using a modern data protection tool that takes incremental backups of data periodically throughout the day to prevent data loss.

Enable up-time

Choose a modern data protection solution that enables “instant recovery” of data and applications. Application downtime can significantly impact your business’ ability to generate revenue.

Train your employees

Because cyber-security threats are constantly evolving, an ongoing semi-annual training plan should be implemented for all employees. This should include examples of threats, as well as instruction on security best practices (e.g., lock laptops when away from your desk). Hold employees accountable.

With the growing use of cloud applications such as Office 365, Google G suite, Dropbox and the like, business are relying on these applications in the case of a cyber-security attack however the question is how soon can resume operation if your only PC or MAC was stolen or encrypted by a random attack.

Leave a Reply

Your email address will not be published. Required fields are marked *