Best Practice Approach to Data Security
Below is a summary of the presentation given by PCR Business Systems president, Pat Carroll, at the 2019 Day Ketterer CyberSecurity Seminar. For more information on protecting your business from cyber attacks, or if you have any doubts about your network security, you can contact Pat directly at pat@pcrbusiness.com or (330) 572-7526 x 1001.
PCR is also offering Northeast Ohio businesses a free network security audit to make sure you have the proper cybersecurity measures in place. Remember, it’s much easier to prevent a cyber attack than it is to recover from one.
Simple things that companies can do to guard against cyber attacks. These items need to be in place before anything else:
- Centrally controlled, monitored Antivirus
- Device control with routine patching – not just Windows, but all programs: Java, Adobe, etc.
- Unique user IDs with central control
- Modern Backup – no tapes
Preventative measures that all companies need to implement:
- No users with admin rights to computers
- No logging in with elevated permissions (domain admin, 365 admin, etc.) for normal computer use
- User awareness training – people are the easy target
- Best in class, properly configured email security – .js, .exe, .zip should never get through
- Multifactor authentication on all web-facing logins – Office365 is a must
Know your risks and review at least annually:
- Where is sensitive data stored?
- Typical – PII, EHI
- Trade Secrets
- Non-Typical
In addition, schedule periodic reviews of accounts and permissions, and don’t allow access if it is not needed.
Know how an attacker is most likely to strike:
- Use information
- Trick users to send money
- Demand a ransom
- Expose your information?
You have been attacked. What will save you?
Properly configured backup
- Test it
- Attack it – test permissions, try to get to it
Properly configured firewall
UTM FEATURES
- Intrusion Detection with alerting configured
- IP Reputation
- Content Filtering
- Look for suspicious activity leaving the network
Misc:
- Banking – Know your exposure. Consider Positive Pay on checks and ACH
- Cyber Liability Insurance
- Be careful on the questions they require
- Know what they won’t cover