Once you’ve identified your data and devices, how do you protect them?
Ultimately, your goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business and understanding the cyber risks as your business grows or adds new technologies or functions.
Crown jewels are the data without which your business would have difficulty operating and/or the information that could be a high-value target for cybercriminals.
Quick Wins
- Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
- Automate Software Updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
- Use strong authentication to protect access to accounts and ensure only those with permission can access them. This also includes enforcing strong passphrases.
- Back up data: Put in place a system – either in the cloud or via separate hard drive storage – that makes electronic copies of the key information on a regular basis.
- Limit access to data or systems only to the employees who require it to perform the core duties of their jobs.
- Keep a clean machine: Your company should have clear rules for what employees can install and keep on their work computers.
- When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.
Stay watchful and speak up: Encourage employees to keep an eye out and say something if they notice anything strange on their computer.
Additional Resources
Cofense
Federal Inter-Agency Ransomware Guidance
Federal Trade Commission
MediaPro
SANS
TeleSign
U.S. Department of Homeland Security