It's easy to become complacent about IT security. We're always informing our customers of the latest threats and security issues that may increase the risk to their business. Sometimes however going back to basics is required, just as a double-check to make sure you've got all bases covered. In this article, we'll be outlining the top 10 things your IT provider should be proactively maintaining on your business technology.
1) MFA/2FA
Acronyms aside (multi-factor or two-factor authentication) this is the most basic security setting that should be enabled across the entire workforce. Without it all a hacker needs is a guess of your password or to successfully "phish" your email.
2) Password Enforcement
Everybody hates having to use a strong password. How many times are you asked to change your password? Can you remember them all? Use a passphrase instead; these are usually easier to remember and far more secure.
3) Phishing Emails
Having an awareness of phishing emails and what to spot is probably one of the best practices you can employ. This includes looking at the URL in a link, checking the sender email and spotting any glaring mistakes in the copy of the email. These are always red flags which should be checked if you are being asked to click something in an email.
4) Anti Virus
Proper antivirus protection seems like such a non-topic. It's taken for granted, but it shouldn't be. New computer viruses appear regularly, and your antivirus needs to be updated and properly configured.
5) Backup Strategy
Your data is your business. Make sure you have a robust backup strategy that includes offsite backups and regular testing of restore procedures.
6) Software Updates
Keep all software up to date. Security patches are released regularly to fix vulnerabilities that hackers could exploit.
7) Access Controls
Not everyone needs access to everything. Implement the principle of least privilege - give users only the access they need to do their jobs.
8) Encryption
Encrypt sensitive data both in transit and at rest. This protects your information even if it falls into the wrong hands.
9) Security Awareness Training
Your staff are your first line of defence. Regular training helps them recognise and respond to security threats.
10) Incident Response Plan
Have a plan in place for when (not if) a security incident occurs. Knowing what to do in advance can significantly reduce the impact.
