Cybersecurity Best Practices

Cybersecurity works best when it is applied in layers and is put in place proactively rather than reactively. Using hardware, software and controls, small and mid-sized businesses (SMBs) can help prevent cyberattacks or limit their spread within the network. Strong cybersecurity practices demonstrate a culture of safety to employees, customers, regulators and vendors. DIGIGUARD has compiled a checklist of industry best practices for SMBs that encompasses these main categories of cybersecurity:

• Monitoring
• Detection
• Response
• Remediation
• Recovering

Our expert consultants can evaluate your existing controls, update your technology and suggest ways to improve your security. We balance the need for robust security with the need for efficient workflow.

IT Security Checklist:

Information Technology Assets – Assess critical inventory assets such as:

• Technology – Network infrastructure, hardware, software, data storage, files, applications
• Employees – Departments, management, IT security staff, partners
• Processes – Workflows, roles, procedures, locations, equipment

Existing Security Solutions – What products and vendors are in place, what services are duplicated, what protections are missing, such as:

• Email security
• Firewalls
• Malware protection
• Network segmentation
• Remote access security
• Cloud security
• Physical site security
• Breach monitoring and alerts
• Multi-factor authentication and biometrics

Auditing for Patches and Updates – Reduce vulnerability by using the latest versions, patches and updates for existing protections with:

• Inventory all devices and operating systems used by your company including employee-owned devices
• Review operating systems to ensure the latest versions
• Update anti-virus software
• Update routers and firewalls
• Utilize email filters for spam, malware and social engineering

Data Recovery and Business Continuity Planning and Solutions – Regular backups ensure that losses from data breaches and ransomware encryption are minimized by:

• Categorizing data for backup requirements
• Cloud and on-premise backup solutions
• Regular data backup and recovery testing

Third-Party Vendor Security – Increased external vendors can mean increased security risk. Minimize exposure by:

• Requiring proof of strong IT security for external vendors with network access
• Limiting and segmenting access for external partners

Access Controls – Carefully limit access and administrative privileges to network and data by:

• Automating server monitoring to flag anomalies
• Prohibiting shared accounts
• Monitoring and tracking logins and user history
• Limiting remote portals and ensuring endpoint security for remote users

Employee Training – Empower staff to make sound security decisions and become human firewalls with:

• Acceptable use policies for equipment
• Confidentiality agreements with external partners, freelancers and contractors
• Network privacy policies
• Strong password policies
• Email safety training to identify spam, phishing and social engineering

Configuration Monitoring – Review network connections and activity to identify threats by:

• Creating acceptable use policies and agreements for devices and internet access
• Creating bring your own device (BYOD) policies and agreements
• Reviewing connections

Remote Network Policy – Control remote devices and endpoints to reduce cyber threats by:

• Compiling approved and authorized connection lists
• Utilizing LAN technology
• Installing firewall intrusion detection software for portals
• Setting up virtual private networks for remote access

Encryption – Deter data theft and compromise by scrambling valuable, sensitive and private data into unreadable text for assets such as:

• Intellectual property, formulas, recipes, confidential business data
• Customer financial data
• Sales and company financial data, pricing lists
• Personal medical data

Incident Recovery Plan – Establish a formal plan, including:

• Company IT security contact names and roles
• Outside service contact
• Locations and scope of backup data
• Forensic, regulatory and legal requirements for reporting and notification
• Schedule of recovery plan review and vulnerability testing

Breaches happen, and cybercrime evolves. No business is completely safe from an attack or breach, but the steps in this checklist can reduce the likelihood of a cyberattack. Having a robust and comprehensive cybersecurity plan in place is essential to protect your SMB from this type of devastating loss. Experts recommend reviewing your network security plan annually. Contact DIGIGUARD today to put cybersecurity best practices to work at your business.