10 Simple Steps to Keep Your Organisation’s Data Safe
It’s no secret that the online world is no place for complacency when it comes to protecting data; the stakes are too high. Not only does your organisation hold invaluable data on its own operations, it also hosts sensitive data belonging to your clients, suppliers and stakeholders, and a compromise of that data would be absolutely disastrous.
Countless reports note that the problem is getting worse for small businesses in particular, as hackers look for an easy payday by targeting small organisations that often lack even the most basic security protocols. The 2019 SMB Cyberthreat Study shows that two-thirds of senior executives and managers in small businesses think it’s unlikely they’ll be targeted by online cyber-attacks; equally terrifying is the statistic that, on average, 6 out of 10 small businesses have no digital defense plan at all.
In light of this, we’ve put together a list from CNBC’s technology reporter, Scott Steinberg, who does a great job of putting it into plain English.
Making daily backups and duplicates of data and files that can be retrieved in the event of system compromise or ransomware (malicious software that holds accounts/networks hostage until large sums of money are paid).
Installing and regularly updating anti-virus, network firewall, and information encryption tools to scan for and counteract viruses and harmful programs; guard against incoming network or denial-of-service attacks; and keep sensitive information safe.
Routinely monitoring and scanning any device that’s connected to a computer system or network, and prohibiting the use of removable media (e.g. USB drives) at work.
Limiting employees’ access to only the files, folders, and applications that are required to perform routine on-the-job tasks.
Providing regular, up-to-date training for staffers at least every 90 days on the latest online threats and trends in cybercrime.
Engaging in teaching drills and exercises grounded in real-world everyday scenarios that test employees’ ability to detect scammers and respond appropriately to fraudulent requests.
Instructing staff about the dangers of clicking on unsolicited email links and attachments, and the need to stay alert for warning signs of fraudulent emails (among the fastest-growing forms of “phishing,” a.k.a. online con artistry, today).
Utilizing multi-factor authentication (requiring multiple checks and approvals) before authorizing any major, uncommon, irregular, or allegedly time-sensitive requests.
Conducting ongoing vulnerability testing and risk assessments on computer networks and applications to seek out and address possible points of failure before they arise.
Implementing artificially intelligent cyber analytics tools that can scan networks, user accounts, and applications to determine what passes for normal behavior, and auto-detect and immobilize suspicious activities before they spread.