While cyber threats to your business evolve over time, the basic principles of defense remain the same. It’s with that thinking in mind that the Federal Trade Commission published its report “Start with Security: A Guide for Business” which details cyber security best practices as gleaned from previous FTC cases. Following are six steps you can start implementing today to keep your network safe.
1. Think Security First
Regardless of what action you want to take, make your choice with security in mind. For instance:
- Don’t collect data you don’t need: Review what you’re asking your customers to provide. Is any of it sensitive data that could compromise them if you’re hacked? Do you absolutely NEED to have all of the information you’re asking for?
- Hold on to information only as long as you need it: Collecting personal customer data can be a necessary action companies have to take, but once the deal is done, it might be unwise to hold onto it. If your business is storing credit or debit card numbers for days after a sale is finalized, you might be leaving yourself vulnerable if you’re hacked.
- Keep Data Secure at All Times: Using encryption is important, but make sure the data stays encrypted at every stage. Encryption does no good if, for example, a service provider decrypts the data at some point and then emails it back to your office in the clear.
2. Control Access
Not everyone on your staff needs access to the sensitive data you have on hand. Put controls in place to ensure only those on a “need to know” basis can see this data.
3. Secure Passwords and Systems
Insist on complex and unique passwords to access your administrative system. And guard against brute force attacks—programs that endlessly guess at passwords until they luck into a match—by restricting the number of password attempts.
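One way to enforce the attempt limit described above, as an added example that is not from the FTC guide: failed logins are counted per account inside a sliding window, and once the limit is hit the account is refused before the password is even checked. The thresholds, the `LoginGuard` class and the injectable clock are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

# Policy values are assumptions for this example, not figures from the guide.
MAX_FAILURES = 5        # failures tolerated inside the window
WINDOW_SECONDS = 300    # sliding window in which failures are counted
LOCKOUT_SECONDS = 900   # how long the account refuses logins after the limit


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


class LoginGuard:
    """Rejects logins for an account after too many recent failures."""

    def __init__(self, users: dict, clock=time.monotonic):
        self._users = users                   # username -> (salt, digest)
        self._clock = clock                   # injectable so tests control time
        self._failures = defaultdict(deque)   # username -> recent failure times
        self._locked_until = {}               # username -> unlock time

    def locked(self, username: str) -> bool:
        return self._clock() < self._locked_until.get(username, 0.0)

    def attempt(self, username: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'."""
        now = self._clock()
        if self.locked(username):
            return "locked"                   # no password check while locked
        record = self._users.get(username)
        if record is not None:
            salt, digest = record
            _, candidate = hash_password(password, salt)
            if hmac.compare_digest(candidate, digest):
                self._failures.pop(username, None)  # success clears the count
                return "ok"
        # Failures are counted per supplied username, existing or not.
        window = self._failures[username]
        window.append(now)
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()                  # drop failures outside the window
        if len(window) >= MAX_FAILURES:
            self._locked_until[username] = now + LOCKOUT_SECONDS
            window.clear()
            return "locked"
        return "denied"
```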
4. Monitor Your Network
Not every computer on your network needs to talk to every other. House particularly sensitive data in a segregated, secured part of your network. And monitor activity on your network, too, looking for suspicious activity that could indicate unauthorized access.
5. Remote Access
Have a mobile workforce? Before you activate a remote login account, assess whether it is secure. And ensure virus protections are up to date on any online portals. Relatedly, update and patch any third-party software you might be using.
6. Verify Security of Service Providers
It doesn’t matter how secure things are in your own house if the security your service providers use is lacking. Put security standards in writing in any contracts you have with these firms. And if they say they have secure processes in place, verify that this is true.