National Cyber Security Awareness Month is a great time to take a look at the security of your company’s data. To help you do that, we’ve created a 10-question self-assessment that companies can use to determine their level of data security. So, grab a pen and pad and jot down yes or no to each of the questions below, then tell us how you did:
1. Is all company data stored in a secure, centralized location?
Too often, companies store data in numerous locations that are not under company control, such as on laptop hard drives and employees’ personal Dropbox accounts. For security purposes, data should be stored in locations that are under centralized company control – such as a well-managed server or business-class cloud syncing solution.
2. Is access to all company data adequately controlled?
Adequate control of company data looks like, at bare minimum, unique usernames (i.e., each username is assigned to and used by only one individual) and strong passwords. But businesses should also consider further measures, such as password managers and two-factor authentication, to mitigate cyber risks.
3. Are there measures in place to ensure data security on mobile devices?
When employees store company data on mobile devices, from laptops to smartphones, they put it at greater risk for compromise. Ideally, data should live in a centralized location, as mentioned above, and be accessed in that location from mobile devices, rather than stored on the devices themselves. Still, precautions such as laptop encryption are sometimes helpful for safeguarding mobile devices in the event of theft or loss.
4. Is a VPN in place for remote workers?
One way to make working remotely secure for employees is to set up a virtual private network (VPN). This enables offsite employees to securely access company data from wherever they are. Without a VPN, employees may make copies of company data to their personal devices, which poses serious threats to security.
5. Is policy-based email encryption utilized?
If anyone in your company sends confidential information over email, email encryption is a must. The best email encryption solutions are policy-based, meaning that they apply a set of filters to all email leaving your company’s domain, automatically encrypting those that have common types of confidential information. That way, employees don’t have to remember to hit “encrypt” before sending a message.
6. Do you have business-class backups?
Data backups remain a critical component of any cyber security strategy, protecting you from both acts of God and many cyber attacks, such as ransomware infections. A business-class backup strategy includes a redundant local backup, as well as a remote backup of your critical data.
7. Do you train employees regularly?
Many of the most effective cyber attacks succeed because the criminals behind them are good at manipulating individuals to give up key information (such as a username and password) or download malware. Cyber awareness, then, is a key component of a strong cyber security strategy. Employees should be trained, for instance, to spot and avoid phishing scams and to be on the lookout for social-engineering attacks.
8. Are critical systems patched regularly?
44% of breaches occur after vulnerabilities in the systems storing data – such as a server’s operating system – have already been identified. This means that applying security patches and updates is extremely important.
9. Do you have a remote monitoring and management (RMM) solution?
One way to make sure security patches, as mentioned above, get applied regularly is to employ an RMM solution, which can apply patches automatically, if configured properly by a network administrator. This software has the added benefit of being able to alert the appropriate parties to common issues on company computers, servers, and networks, in many cases before the user even notices them.
10. Do you have a proactive network administrator?
Cyber security depends on having individuals who are responsible for continually reviewing your technology infrastructure to make sure it aligns with industry standards and best practices. Business-class systems, if implemented properly, usually work well and are secure when they are first installed, but as time goes on, it takes a vigilant network administrator to make sure your systems remain productive and secure as changes are made and new threats materialize.
How’d You Do?
If you answered “No” to any of the above questions, you may have vulnerabilities that you need to address. If you have questions about your results, or would like help implementing a plan to improve your company’s security, contact us today!