Panda Labs reports that more than 18 million samples of malware were recorded in the third quarter of 2016 alone. There are more than 4,000 ransomware attacks on a daily basis occurring to companies of all sizes, according to the Computer Crime and Intellectual Property Section (CCIPS). Keeping these and other telling statistics about cyber attacks in mind, shouldn’t information security be one of your top priorities for the rest of 2017? Here is a primer on best practices if you are looking to thrive without fear.
- Maintain Security Patches
Many hackers weasel their way into your infrastructure through backdoors that are left open by old software iterations. Simply keeping up with the latest version of your security patches will help you avoid the majority of problems. Security companies make it their business to monitor what the criminals are doing – they are actually in lockstep with the underworld, not one step behind (as is the perception). Keep up with them in order to ensure your protection.
- Train and Retrain Your Users
Hackers may be able to penetrate your defenses based on the innocent actions of one of your employees. Many phishing attempts are successful simply because some employee was not aware of company policy to ignore and quarantine emails from foreign addresses. As your employees turn over, you should retrain them on a company-wide basis. Do not worry about overlap or duplicate training for legacy employees – everyone can use a refresher course every now and again.
- Establish Clear Use Policies for New Employees and Vendors
New employees should be trained on security policy from day one. This is not something to leave to chance. If your intellectual property is open even for a second, you risk your entire business! Vendors should be held to a high behavioral standard as well. Everyone should be monitored so that if a leak does occur, the company knows exactly where it came from. Learn from past mistakes so that they do not happen again. If a policy does not work, then change it. Policies may also need to be updated periodically based on new technology or hacking/phishing methods.
- Implement an Incident Response Plan
Your company will never be 100% safe from all malware. However, the companies that have a contingency plan in place will be able to mitigate the damage. First of all, every incident response plans should include a periodic backup of records, typically into the cloud. Make it a point to shut down the most important systems if malware gets through so that it cannot spread. Connected systems should have redundant pathways and mirrors so that the customer facing side of the business does not have to stop just because there is a problem.
- Maintain Compliance
Compliance with information security standards is essential to avoiding problems with hackers. In most cases, industry wide standards are updated in response to the latest attack or uncovered technology. Remaining in compliance ensures that you are up to date on the latest security measures that are available to you.
Although every company will employ different nuances in terms of security, the five points mentioned above provide a good security infrastructure for every business regardless of industry. Make sure that these best practices are followed religiously to protect your company IP and client information.