All hackers are looking for are vulnerabilities and who is the easiest organization to get inside. How can you prevent that and make sure that your environment is secure?
1. Limit access.
Make sure that you have your physical equipment (servers, equipment, switches, etc.) locked in a room that only specific people have access to.
2. Password integrity.
Everyone hates changing their passwords. That's definitely something that we all complain about on a regular basis, but password integrity is huge. Make sure that you change your password on a regular basis and that the length and the complexity is there. On top of that, encourage your end-users to understand why that's important. Because if a password gets out there and a hacker has it and they're in your environment, usually they just sit in your environment until they can find the information that they need in order to take the information that they want.
3. Email security.
Email security is also important for password integrity and getting into your email. It's not just about clicking on a link and having spam get into your computer. A lot of times email integrity and security is about impersonations as well. Some organizations they have a hacker inside and they realize, the CFO is the one who is talking to the CEO and then the CEO asks somebody for a wire transfer. So making sure that they can't get into your email on a regular basis or that they're not in your email is really important.
4. Secure Wi-Fi.
Make sure that you have a password on your Wi-Fi. If you don't have a password, you can have, you know, Joe on the streets able to access your information and then they're able to get into your network and in that backdoor fashion.
5. Policies.
People often forget about writing a policy, or they have a policy that is so complicated that it's not something that people will follow. Make sure that your policies are simple, to the point and executable. Because if it is a policy that people aren't going to follow or actually execute on, it's almost better to not even have one.
6. Education
Similar to policies, the weakest link in your environment is your end-users. Those are the people that are constantly consuming your information and they hold all the information within your organization and so making sure that you're educating them on a regular basis – why shouldn't you click on a link, why should you make sure that you know what attachments you are opening. Knowing what affects your environment when a hacker gets inside, and the effect it has on your business, and what effect does that have on their job is important. Doing ongoing education on a regular basis is extremely important. There's a lot of programs; you can put something together yourself, you can have somebody else put something together for you, but just making sure that you're doing that continuous education is extremely important.
7. Backup Data
Sadly, a lot of cyber security, it's not a matter of if, it's a matter of when are you going to get hacked. So if you do happen to get ransomware or your environment is compromised in any way, how are you going to recover from that? Make sure that you are backing up your data on a regular basis because you don't have to pay that ransom money and you never know if you're actually going to get your information back or not. So making sure that you have good backup, where you can go back an hour a day, two days, whatever it might be, having that backup and a backup disaster recovery plan is extremely important.
8. Cover the Basics
And then obviously, just covering the basics. Antivirus, malware, education and just making sure that you have those blinking lights that everyone talks about in the back room. Your firewalls are up-to-date, you have the security patches, you're current on your software, assurance that all of the updates and upgrades are happening on a regular basis. And your environment is secure from a base level, as well as moving up to all of the other areas.
