August 9, 2022
10 IT Security Best Practices: What do You Need to Pay Attention To?
It is an established fact that we currently live in the information age, and that the Internet and the exchange of data are the primary engine of the current industrial revolution.
Particularly in the era of Big Data, the information your company collects and uses has become a business “asset” in its own right, and as such can sometimes be invaluable.
However, this data is a very vulnerable target of cybercrime, and can get stolen by hackers and even competitors without you even knowing.
It is therefore a matter of the sustainability of your business that you ensure the proper protection of your data and that of your users and customers.
It is for this reason that Dirox offers you cyber security services, for your digital platforms and your networks in particular.
In this article, we will determine the most important points of attention to protect you from risks that can put your data in danger.
1. Identify sensitive data.
Before implementing security protocols in your company or in your digital platforms, you must first determine which data are the most critical to protect.
a. Personal data of individuals
Whether it's your employees or your customers, you certainly have a certain amount of information about people. Names, addresses, experiences, expenses, or other socio-demographic data may be of interest to malicious competitors and hackers.
This is all useful information that they can use to steal your customers, learn more about your market, or try to seduce your best human resources.
b. Accounting data
Accounting information such as your income, your expenses, and your annual results gives a number of indications about the health of your business, but also about the quality of the business model that you have taken years to refine. This information should never fall into competitors' hands: losing it to them can give them a huge comparative advantage.
c. Payment data
This is the information that is often considered to be the most critical. Account and credit card information must be protected at all costs to avoid scams.
If, for example, a security breach on your E-Commerce site allows a hacker to recover your customers' payment information and he realizes it, your reputation will suffer severely.
d. Intellectual property data
Images, texts, and patents are also information to be kept as secret as possible to avoid copies and plagiarism. Don't see your research and development efforts wasted because of a bad IT security policy. The stakes and the investments are just too high.
2. Protect your workstations
Most cases of information leakage and hacking are the result of negligence from employees.
A workstation that does not lock once the user is away, a weak password, and missing or underperforming anti-virus software or firewalls are all points to pay attention to internally. Installing anti-virus and anti-malware software and ensuring that passwords are sufficiently secure is an absolute priority when it comes to cyber security.
Make sure also to disable connections such as Bluetooth whenever they’re not needed, as devices can be remotely hacked this way.
3. Protect your e-mail servers
Before being received on your workstation, emails pass through separate servers, which will also be the source of attacks.
Email servers contain a considerable amount of company information. One only has to remember the various “leaks” such as the Panama Papers to realize the magnitude that the theft of internal communications can take. Email servers therefore require special attention. First of all, make sure you have an effective spam filter.
4. Train your teams
Be sure to make IT security a key component of your recruitment and training process.
Make no mistake: the mistakes of your employees, their inattention, oversights or lack of knowledge will be ruthlessly detected and exploited by hackers. Impersonations, fake links, and phishing scams are legion on the internet. Have your teams learn how to identify them before it is too late.
Indeed, according to a 2022 Ponemon study, 62% of computer security breaches are due to employee negligence or error.
Teaching them to recognize cyber threats and be suspicious is critical to your company's data security.
5. Equip your teams
With the growth of remote work, more and more employees use their personal computer or telephone to remotely access their workstations and office servers. However, as a company, you have very limited control over these devices.
By providing your employees with standardized and secure machines that you regularly update, you build an additional barrier to prevent attacks.
Also, your employees working in public places (airports, cafes and such) will regularly connect to your servers and data from unsecured networks. Provide them with VPNs (Virtual Private Networks) to make sure their connection is properly encrypted.
6. Multiply backups
Expect to lose your data completely at some point or another. Whether destroyed by an accident, a bad maneuver, or even stolen, the disappearance of data is unfortunately commonplace.
This is why you need to be very strict about the backup policy for all your information.
Make sure that backups are made very regularly (and before each update or important change) and above all, do not put all your eggs in one basket.
We recommend that you have several locations for your backups: on other servers of your company, on Clouds, or on physical drives disconnected from all networks.
7. Do your updates
Often, the IT equipment of a company, whether it is hardware or software, seems a little frozen in time. Once all the tools are in place, some might “abandon” them, without thinking that they too have a life cycle. It is important to keep these properly updated at all times, because it is estimated that 80% of hacks are made possible because of non-updated software suffering from security flaws. Always install the latest patches to fix bugs and upgrade security, especially on software that connects to the internet, such as web browsers.
Generally speaking, when it comes to computer security, updating is the best practice to adopt, including your passwords. Remember that the longer a password remains unchanged, the more vulnerable it becomes.
8. Use innovative security systems
The era of text and/or numeric passwords is coming to an end.
Increasingly, computers and devices include or rely on virtually inviolable digital or biometric recognition systems. Voice, facial or even movement recognition are all techniques that can be used (or better, combined in the context of "multi-factor" identification) to secure your systems.
9. Compartmentalize your access rights
Ensure that employees only have access to the data they really need, and name a trusted system administrator for each team who will be responsible for giving or filtering access permissions of different levels or different durations.
Automatically generated one-time passwords and manual approvals are good ways to properly limit access to your data.
10. Perform security audits
Use IT security professionals to ensure that all of the above points are regularly covered and constantly tested and improved.
Dirox and its teams of cyber security engineers and white hat hackers provide everything you need for your company's data protection, all from Vietnam.
Consulting, training, cloud management and stress testing of your work environments consolidate your infrastructure as much as possible to guarantee the best possible protection of your interests and data.