10 golden rules for flawless IT security

Cyberattacks mainly target SMEs, but hackers can only reach a company that is vulnerable. And a company's first identified security loophole is its employees.

Wooxo's blog

A business executive is responsible for the security of the company's digital assets. Here are the rules to follow to guarantee a secure professional IT environment.

1 – Create a security policy

Gather all of the company's IT security rules in a single document:

  • How to safely use the phone, Internet and e-mail
  • Rules about downloading and installing new software
  • How to choose a strong password, etc.
  • The computer system's vulnerabilities (ask for a free check-up!)

2 – Talk about the risks

We want to stress the importance of communicating with employees, partners, clients, suppliers and so on. Employees' awareness of cybercrime is essential for a company. The financial consequences of a cyberattack can be catastrophic for a business, and education is its first weapon! That's why we hold several events to help SMEs with this step. Better be prepared!

3 – Back up business data

A company's digital assets are its foundation. A business's important data needs to be centralized and backed up daily on a local server (to keep control) and on an off-site one in case of physical disaster (theft/fire/flood). You can also choose an easier solution: a local server physically protected against all kinds of physical disaster.

4 – Secure your company's network

Cyberattacks (ransomware, malware, phishing and other viruses) are external attacks that must be stopped by a firewall and a proxy. Cybersecurity also relies on protecting the local network, Wi-Fi, email and all remote access.

5 – Protect mobile devices

  • Laptops/tablets: use an appropriate, up-to-date antivirus.
  • Smartphones: dedicated antivirus and anti-malware tools are developed for mobile devices. Also remember to activate automatic locking to protect your information in case of theft or loss.

6 – Protect your personal data 

The new European General Data Protection Regulation (GDPR) requires a specific policy for the protection of personal data. A confidentiality agreement needs to be added to all IT subcontracting documents for data hosting (especially if the data is hosted outside of the EU).

7 – Manage sensitive data

Confidential files must be:

  • Encrypted when saved (encryption is mandatory for what the government considers sensitive data)
  • Subject to restricted access (personal identification needed).

8 – Secure your facilities

A company's facilities are its core. Physical access to the premises and to the servers must be secured: access must be closed and controlled, with door codes and named badges for authorized persons.

9 – Run tests

Just like security drills, restoration tests (files, system image, servers and operating system) are necessary to prepare for the next cyberattack.

10 – Ensure business continuity in case of a cyberattack

If, despite all of this, you still suffer a cyberattack, you can safely recover all your data without paying any ransom. Our solution? Anticipation! Having a disaster recovery plan with professional backup software means being able to restore all your lost or encrypted data within hours!

Have you checked off all of these rules? Your business is now safe against any disaster.

Any ideas? Want to add something to our list? Please comment!

 

To get a review of your IT security, ask for a free check-up.