Rising above the Security Poverty Line
Just click the image above to get the low-resolution copy of this infographic.
Staying above the security poverty line isn’t just a good idea, it’s also good business. According to the Ponemon institute’s “2014 Global Report on the Cost of Cyber Crime,” the cost of cyberattacks on businesses has nearly doubled in the last four years. Every business should strive to have strong security, and to not be a statistic.
Here are our top 12 tips to help a business rise above the security poverty line.
1. Dedicated Security Budget
No-one should turn down security because it is “too expensive”, security is a process not a product. Many tasks can be done at the cost of time alone, and even then any budget should have room to accommodate for IT security.
2. Achievable Security Goals
Many businesses feel they lack the resources needed to achieve even basic security, but rarely is that actually the case. Setting realistic and achievable security goals can help combat those beliefs about cybercrime.
3. In-house Security Expertise
No, “Google” is not an in-house security expert; however, that can be a great place to start. Simply designating a person as the in-house security expert can help clear a lot of the confusion surrounding who needs to know what.
4. On the Cutting Edge of Compliance
Knowing is half the battle. If no-one in a business knows the difference between PCI compliance and a PCI port then they need to be guided to relevant sources of information to keep them up to date.
5. Collecting Security Policies
If a business is generally unaware of current recommended security policies, then they likely have few themselves. Rarely is it necessary to start from scratch when it comes to establishing security policies, as adapting current industry best practices can provide quick results.
6. Authorized Devices Inventoried
It’s nigh-impossible for a business to secure devices they’re unaware of. Keeping an inventory of authorized devices can help when it comes time for securing all of your endpoints.
7. Maintained Malware Protection
Most people know that they need some sort of protection on their systems. Unfortunately, the set-and-forget nature of such solutions often results in systems running out of subscription time, or being left without updates.
8. Fully Configured Network Devices
A properly configured firewall can greatly assist in securing a network. An improperly configured firewall may provide less functional security, if any at all, and could potentially expose a network to even greater risk.
9. Vulnerability Assessments
Regular vulnerability assessments are like checking that your doors are locked whenever you leave your home. However, unlike a home, a network can have hundreds or thousands of doors, so looking in all the right places is critical.
10. Employee Security Awareness
There’s no need to instill a fear of the internet into users, but some relevant statistics and examples from the news can help any employee become more security conscious. A little knowledge goes a long way.
11. Thorough Password Policies
For best results, pair a strong password policy with some sort of password management solution. That way it’s possible to minimize the number and difficulty of passwords users need to remember.
12. Account Monitoring and Management
What purpose does having a password policy serve if users are sharing accounts, or worse yet, sharing administrator accounts. Account monitoring allows you to track activity like this and lets you put a stop to it.