Since 1993, a priority of MainSpring is to provide clients with the infrastructure to secure their corporate data. This year, with the surge of WFH (Work from Home), it is time to audit existing plans. Can your current cybersecurity plan stand up to today’s change in the work environment?
It is time for a new cybersecurity checklist. In this blog, I provide eleven steps to ensure the security of corporate data.
The security risk of WFH
Recently, I published a blog about the security risks of a distributed workforce. The security risks are real, and they are relevant for any size business. From solo-entrepreneurs to large employers and even government agencies, it is time to address the security risk wrapped around WFH. As part of the MainSpring checklist, the below should be assessed:
- Mobile Apps: What’s your mobile device management (MDM) approach? Review applications that your employees have added to corporate mobile devices. Mobile applications provide a door into your corporate data. Thousands of new mobile apps are added to digital stores weekly. Who created those applications? Are any of your employees using an unapproved application on their corporate mobile device?
- Are corporate laptops secured? Review each to ensure that the latest version of licensed software is being used. Also, ensure that anti-malware software has been deployed. It is time to establish strict limitations on corporate hardware. Only hardware distributed by your company should be used for company work. Your IT managed services provider should have all of this in place and can answer this quickly.
- Use a Secure Virtual Private Network. All employees working outside of your network should only be using a secure VPN.
- Deploy a strong password mandate—fight identity theft and corporate data theft with a secure password protocol. Read a recent MainSpring blog about the importance of password protocols.
- "Multifactor authentication can help reduce risks for phishing and ransomware”—LastPass.com. Do you use multifactor authentication? This protocol should be a cornerstone of your WFH security plan. Recently, MainSpring partnered with LastPass to provide multifactor authentication solutions to businesses of all sizes.
Human firewalls work
We continue the MainSpring checklist with the human firewall. Most organizations have experienced some sort of "hack" or "phishing" from would-be intruders. Despite knowing the security risks, many organizational leaders still aren't exactly sure where to start when it comes to creating a security awareness program that will work for their organization. It is time to educate your team and yourself about the importance of cybersecurity, and a modern, measurable way of creating a human firewall.
- How prone are you and your staff to phishing? Let us run a test and find out. You may be surprised to find vulnerabilities. MainSpring offers ASAP—Automated Security Awareness Program.
- Update security policies and distribute the new protocols to your team. A human firewall is the most powerful firewall, and training is crucial. Although most of us are working from home, continued education on the fundamentals of cybersecurity and company protocols is necessary. Schedule a company all-hands video call to review them, or lean on your trusted IT partner to lead the way.
Backup Corporate Data
We have all been impacted by a loss of data. A file not saved; a credit card company hacked; a website crash. From a small to massive failure, all could have been prevented with a few steps.
- Backup corporate data. Create a plan and ensure that all data is backed up at regular intervals. Audit and test your backup plan routinely.
- Encrypt your data. Data encryption translates data into another form or code. Only those with a key or password can read the data.
- Divide sensitive data and store separately. Sensitive data includes personal information about you and your team, corporate data, including trade secrets and customer information. With a history of supporting government consulting firms, and being one ourselves, we understand that knowing the type of data and security protocols to maintain compliance is critical operations and business development.
Protect your website from cyber attacks
Web security should be considered part of your business strategy. As a business, you need to protect your customers and their confidential financial information. You also need to secure your business assets, such as databases, statistics, and product knowledge. And a secure website protects your brand.
- Perform a security audit of your website. A full audit should include the core of the website, the subpages, and even the theme. A complete security audit comprises static and dynamic code analysis, business logic error testing, and configuration tests.
Remember, a website is more than a marketing asset. Often, it is literally a window into your company. A website shut by malware equals “not open for business.” A clean website is a competitive website.
An ongoing process
October is National Cybersecurity Awareness Month. Often, security awareness is heightened through robust marketing during October. Cybersecurity is essential to entrepreneurs, business leaders, and government agencies 365 days a year. It is not enough to focus on security once a year. It is an ongoing process.
I hope you find this MainSpring checklist helpful as you strive to protect your corporate data.
MainSpring is a leading IT strategy and consulting firm driven by giving organizations better control, innovation, and ownership of their mission. Part of our mission is to secure your corporate data. How can we help you?