Are you doing enough to protect your organisation’s IT security?
by Harpreet Kaur, Student at Edith Cowan University
Checklist to secure your organisation from security breaches
We all know people represent the weakest link in an organisation’s cybersecurity. They are, unintentionally, responsible for most security breaches. They might accidentally click on a link that introduces malware, or fall for a cybercriminal’s deception.
These employee-oriented breaches can be minimised with appropriate cybersecurity policies and practices. Here are some suggestions to create a secure environment.
FOLLOW CLEAR IT SECURITY POLICIES
Every organisation has terms and conditions covering the use of services and applications. These policies must also include a security policy and a privacy policy that each employee must be aware of and must adhere to strictly. The organisation should also have appropriate password guidelines and ensure they are followed by all staff members when choosing passwords for devices and applications used within the organisation.
PROTECTING PRIVACY AND CONFIDENTIAL INFORMATION
Protecting customers’ confidential information is essential: sharing customers’ sensitive information could have serious consequences for them, such as financial loss or harm resulting from the information being used for illegal purposes. Privacy protection measures should cover both digital and hard copy customer information. The latter should be kept safe in a locker that can be accessed only by authorised staff.
NETWORK SECURITY
Internet and other connected networks should be kept secure and protected by firewalls. Remote access to the organisation’s website should be over a virtual private network. Intrusion detection systems should be enabled on all the network systems. Wireless access connections and modems used by staff must be secure.
DESKTOP SECURITY
All desktop hardware and software on desktop devices should be checked regularly. All computers should have anti-virus software installed. There should be security policies covering the use of new software, such that only software approved by the organisation is installed.
Password controls should be in place to ensure sufficient password strength: minimum length, inclusion of non-alphanumeric characters, etc. Password changes should be enforced every 60 or 90 days.
All computers should be patched promptly when updates are released. Patches remove vulnerabilities that can be exploited by attackers. Unused open ports should be closed.
PERIODIC AUDITING
An audit will reveal any shortcomings in security policies and should be undertaken every half year.
TIMELY DATA BACKUP
Data security is essential. Daily backups should be taken and stored off-site. All data should be assessed both for its importance and to determine whether it must be immediately accessible or can be archived.
EDUCATING STAFF
Cybersecurity training should be provided often enough to ensure all staff members are up to date with the information they need and the practices they must follow to maintain the security of the organisation.
Following this checklist will strengthen the IT security of your organisation and reduce the chances of a security breach.
http://www.linkedin.com/in/harpreet-kaur-nahar/