It’s Not Too Late for Spring Cleaning! Brush up with These Cyber Security Best Practices

Summer might be right around the corner, but if you’re feeling guilty about skipping out on spring cleaning, it’s not too late! Now is the perfect time to clean up your network security, sweep away the bugs, and keep your most sensitive data where it belongs—away from prying eyes.

Considering that cyber-crime costs the global economy hundreds of billions of dollars, this is one area of spring cleaning you don’t want to neglect. New malware and worms are released “into the wild” on a daily basis, and they could be headed directly to your network. Here are some simple best practices you can follow to protect yourself—and your data.

  1. Test and assess your IT network

What you don’t know can most definitely hurt you. Start your spring cleaning by conducting a full review of your network, with the goal of creating a common baseline of software versions, patches, and hardware security. Vulnerability analysis, network penetration testing, phishing and spear-phishing tests, and other social engineering exercises can all help ensure security standards are met or exceeded.

  2. Think like a hacker

As The Art of War taught us, if you don’t understand your enemy, you can never hope to defeat them. In this case, your enemies are internal threats and hackers, both of which can be overcome if you know what they’re looking for. As you perform your vulnerability scan, be sure to comb through every security layer—because that’s exactly what they’ll be doing.

  3. Enforce security policies

Hopefully you’ve already established security standards, but if you haven’t, now’s your chance. Create written rules regarding acceptable use of your company’s data and equipment and how to report security threats—then make sure your employees follow those rules to a tee. Teach them how to protect sensitive information, and educate them regularly so they know how to recognize and avoid cyber threats like phishing scams. Then, be sure to update your employee handbook and other policy guidelines to include security procedures, including email, messaging, and social media use.

  4. Patch things up

While daily patching isn’t always practical, it’s wise to set up at least monthly patch cycles for servers and workstations. Systems that were patched on even a quarterly basis were impacted by 2017’s WannaCry ransomware attack, so it pays to be persistent with patching.

  5. Back up your data

Speaking of ransomware—it’s not just a threat for larger corporations. Regardless of your business’s size, a data backup can save you from losing precious information when facing a catastrophic hit.

Have a backup. Use your backup. Test your backup. Sending your data offsite is a great start, but how long does it take to bring it back, set up a new server, and get everything running again? Review your backup reports, and know your Recovery Point Objective (RPO) and Recovery Time Objective (RTO), the point in time to which your business must recover and the time it can tolerate to get there. These preventative measures will help you restore most—if not all—of your crucial data if the worst should happen.
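One way to review backup reports against RPO and RTO, as an added example that is not part of the original article. The job records, restore-drill timings, and per-system targets below are constructed sample data, and the function name `review` is hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample report rows: (system, backup finished at, succeeded?)
BACKUPS = [
    ("fileserver", "2024-05-01 01:00", True),
    ("fileserver", "2024-05-02 01:00", False),
    ("fileserver", "2024-05-03 01:00", True),
    ("mail", "2024-05-02 23:00", True),
    ("mail", "2024-05-03 05:00", True),
]
# Constructed restore drills: system -> minutes the last test restore took
RESTORE_TESTS = {"fileserver": 95}
# Assumed targets per system: (RPO, RTO)
TARGETS = {
    "fileserver": (timedelta(hours=24), timedelta(hours=2)),
    "mail": (timedelta(hours=8), timedelta(hours=4)),
}

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def review(backups, restore_tests, targets, now):
    """Return {system: [issues]} comparing backup history to RPO and RTO."""
    findings = {}
    for system, (rpo, rto) in targets.items():
        good = sorted(parse(t) for s, t, ok in backups if s == system and ok)
        issues = []
        if not good:
            issues.append("no successful backup")
        else:
            # Worst data-loss window: the longest stretch between two good
            # backups, counting the stretch from the latest one until now.
            points = good + [now]
            worst = max(b - a for a, b in zip(points, points[1:]))
            if worst > rpo:
                issues.append(f"RPO missed: {worst} without a good backup")
        minutes = restore_tests.get(system)
        if minutes is None:
            issues.append("restore never tested")  # RTO is unknown, not met
        elif timedelta(minutes=minutes) > rto:
            issues.append(f"RTO missed: restore took {minutes} min")
        findings[system] = issues
    return findings

if __name__ == "__main__":
    report = review(BACKUPS, RESTORE_TESTS, TARGETS, parse("2024-05-03 09:00"))
    for system, issues in report.items():
        print(system, "->", issues or "OK")
```

A failed job counts as no backup at all, so a single missed night doubles the data-loss window even though the schedule looks daily.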

  6. Change your passwords

The majority of an organization’s devices end up in a “set it and forget it” mode when it comes to passwords. This leaves you vulnerable to phishing attacks and breaches (especially by disgruntled former employees). Spring cleaning is a great time to change your passwords, which should happen yearly at the very least. This includes SANs, switches, wireless, DNS, and more.

  7. Monitor your network security

It’s incredibly important to have a monitoring system and alerts in place for critical services, servers, and network equipment. Server thresholds and utilization, network equipment online status and access attempts—monitoring activities like these is the key to proactive security.

Don’t go it alone

Staying one step ahead of new and emerging cyber threats can be exhausting work. Luckily, you don’t have to go it alone.

eMazzanti provides expert consultation, management, and crisis control for companies large and small. From 24/7 remote monitoring to advanced threat analytics and onsite digital video security, we’re here to help keep your data safe and secure and your business running smoothly. Contact us today to find the protection you need.