Companies are threatened by malware, human adversaries, corporate hackers, and hacktivists, and they can be hacked in the most unexpected ways, such as over copper wire. Because of this, we have compiled a list of best practices used by highly secure companies. Tailor these to fit the needs of your organization and keep your data safe!
Know what you have: Most companies have no idea what they really have going on in the security department. To ensure the security of your organization, establish an accurate inventory of your organization’s systems, software, data, and devices. To be secure you have to know what to protect. The most secure companies have strict control over what runs where, because each platform is another opportunity for vulnerability.
Remove, then secure: Unneeded programs present unneeded risks. The most secure companies look over their IT inventory and remove what they don’t need. More often than not, companies have large numbers of patches and other unnecessary junk piled up that no one really knows about. If your company isn’t IT savvy, bring in an established IT company to handle this task for you. They know what needs to be fixed, patched, updated, deleted, etc.
Run the latest versions: Updates have a purpose. The latest software and hardware will have the latest built-ins and security features. It is the responsibility of the owner of the product licenses to keep updates current. To hackers, older versions look like a big fat glass of water on a hot day. Don’t give them the opportunity!
Patch with speed: Patch all critical vulnerabilities within a week of the vendor’s patch release. If your company takes longer than a week to patch, the risk of compromise is increasingly high. Think about it: most of your competitors will patch on time, because they are smart or because they have a great IT team behind them. So if they are all secure and your organization is unpatched, how is that going to look to hackers? Like an invitation, that’s how. That being said, people will still tell me they like to wait to patch in case of glitches that could lead to operational issues. The most secure companies, more often than not, experience little to no disturbance because of patch glitches. The odds are more in favor of being hacked, so patch away!
Education: As with anything that requires a team effort, it is best to educate all users about the threats the company is currently facing or most likely will face. Education that is led by professionals and involves the entire team is the most effective. Not everyone will be on the same page when it comes to the inner workings of the IT world, but at least inform employees about best practices, how to identify suspicious activity, and what to do in the event of a security crisis. Yes, it is extremely crippling when the vulnerability comes from an employee’s mistake, but the worst thing that can happen in that event is failing to inform the right people so they can fix the problem.
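The "Know what you have", "Remove, then secure" and "Patch with speed" habits above can be checked mechanically once an inventory exists. The following is an added example, not part of the original post; the `Asset` fields, host names, packages and dates are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

PATCH_SLA = timedelta(days=7)  # the post's rule: critical patches within a week

@dataclass
class Asset:
    host: str
    software: str
    needed: bool                           # is there a documented business need?
    patch_released: Optional[date] = None  # vendor release date of a critical patch
    patch_applied: Optional[date] = None   # None = still unpatched

def audit(inventory: List[Asset], today: date) -> List[Tuple[str, str, str]]:
    """Return (asset, status, detail) for every inventory entry that needs action."""
    findings = []
    for a in inventory:
        label = f"{a.host}/{a.software}"
        if not a.needed:
            # "Remove, then secure": unneeded software is removed, not patched.
            findings.append((label, "REMOVE", "no documented need"))
        elif a.patch_released is None:
            continue  # no critical patch outstanding
        elif a.patch_applied is None:
            age = today - a.patch_released
            if age > PATCH_SLA:
                findings.append((label, "OVERDUE", f"{(age - PATCH_SLA).days} days past SLA"))
            else:
                findings.append((label, "DUE", f"{(PATCH_SLA - age).days} days left"))
        elif a.patch_applied - a.patch_released > PATCH_SLA:
            took = (a.patch_applied - a.patch_released).days
            findings.append((label, "LATE", f"patched after {took} days"))
    return findings

# Constructed sample inventory (hosts, packages and dates are made up).
TODAY = date(2024, 3, 20)
INVENTORY = [
    Asset("web01", "nginx", True, date(2024, 3, 1), None),
    Asset("web01", "ftp-server", False),
    Asset("db01", "postgresql", True, date(2024, 3, 15), None),
    Asset("hr-laptop-7", "pdf-reader", True, date(2024, 2, 1), date(2024, 2, 20)),
    Asset("db02", "postgresql", True, date(2024, 3, 15), date(2024, 3, 18)),
]

if __name__ == "__main__":
    for label, status, detail in audit(INVENTORY, TODAY):
        print(f"{status:8} {label:24} {detail}")
```

The LATE status records patches that were applied but missed the one-week window, which is the number to track when someone argues for waiting on patches.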
If you would like to educate yourself in more detail about the information presented in this blog post, please visit: Effective IT security habits of highly secure companies