Best Practice Approach to Data Security

Below is a summary of the presentation given by PCR Business Systems president, Pat Carroll, at the 2019 Day Ketterer CyberSecurity Seminar. For more information on protecting your business from cyber attacks, or if you have any doubts about your network security, you can contact Pat directly at pat@pcrbusiness.com or (330) 572-7526 x 1001.

PCR is also offering Northeast Ohio businesses a free network security audit to make sure you have the proper cybersecurity measures in place. Remember, it’s much easier to prevent a cyber attack than it is to recover from one.


Simple things that companies can do to guard against cyber attacks. These items need to be in place before anything else:

  • Centrally controlled, monitored Antivirus
  • Device control with routine patching – not just Windows, all programs – Java, Adobe, etc.
  • Unique user IDs with central control
  • Modern Backup – no tapes

Preventative measures that all companies need to implement:

  • No users with admin rights to computers
  • No logging in with elevated permissions for normal computer use – domain admin, 365 admin, etc.
  • User awareness training – people are the easy target
  • Best in class, properly configured email security – .js, .exe, .zip should never get through
  • Multifactor authentication on all web-facing logins – Office365 is a must
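
As an added illustration of the email attachment rule in the list above (not part of the presentation), the Python check below parses a MIME message and flags attachments whose names end in a blocked extension, including double extensions, mixed case, trailing dots and attachments inside a forwarded message. The blocklist is taken from the three extensions named above; the sample message, addresses and file names are constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: blocklist limited to the three extensions named in the list above.
BLOCKED_EXTENSIONS = {".js", ".exe", ".zip"}


def normalized_name(filename):
    """Lower-case the name and strip trailing dots/spaces, which Windows drops."""
    return filename.strip().rstrip(". ").lower()


def blocked_attachments(raw_message):
    """Return attachment names (at any nesting depth) that match the blocklist."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into forwarded messages
        filename = part.get_filename()  # decodes RFC 2231 encoded names
        if not filename:
            continue
        name = normalized_name(filename)
        if any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS):
            hits.append(filename)
    return hits


def build_sample():
    """Constructed sample message; every name and address is a placeholder."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for data, subtype, name in [
        (b"%PDF-1.4", "pdf", "report.pdf"),           # allowed
        (b"x", "octet-stream", "Invoice.PDF.JS"),     # double extension, mixed case
        (b"x", "octet-stream", "setup.exe."),         # trailing dot
        (b"PK", "zip", "archive.zip"),                # archive
    ]:
        msg.add_attachment(data, maintype="application", subtype=subtype, filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("BLOCK:", name)
```
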

Know your risks and review at least annually:

  • Where is sensitive data stored?
  • Typical – PII, EHI
  • Trade Secrets
  • Non-Typical

In addition, schedule periodic reviews of accounts and permissions, and don’t allow access if it is not needed.

Know how an attacker is most likely to strike:

  • Use information
  • Trick users into sending money
  • Demand a ransom
  • Expose your information?

You have been attacked, what will save you?

Properly configured backup

  • Test it
  • Attack it – test permissions, try to get to it

Properly configured firewall

UTM FEATURES

  • Intrusion Detection with alerting configured
  • IP Reputation
  • Content Filtering
  • Look for suspicious activity leaving the network

Misc:

  • Banking – Know your exposure. Consider Positive Pay on checks and ACH
  • Cyber Liability Insurance
      • Be careful with the questions they require
      • Know what they won’t cover

Pat Carroll 

pat@pcrbusiness.com  (330) 572-7526 x 1001