Cyber Security Best Practices

Cyber crime is becoming a real epidemic. Reports of ransomware attacks and DDOS (Distributed Denial of Service) attacks in the news daily. The motivation of the cyber criminal is to make the targeted business pay a ransom to either get back their data or avoid further business disruption. Committing Identity Theft is also a goal for these criminals.

 

Small businesses sometimes feel safe knowing their smaller size will discourage cyber criminals from targeting them. Unfortunately the data shows otherwise. The U.S. Congressional Small Business Committee found that 71 percent of cyber-attacks happened at businesses with less than 100 employees. 50% of small business had a security incident in the past year. Small businesses are usually less secure due to lack of time, budget and knowledge of security implementation and policy. Unfortunately this can make small businesses an easy target.

 

Benchmark is here to help you with a layered approach to your security. Please contact us at 919 678 8595 for more information and assistance.

 

Security tips:

  • Perform a Risk Assessment

    Knowing the value of what you are protecting will help in justifying security expenditures.
  • Create a Security Policy

    Create a policy that clearly outlines company rules, job duties, and expectations.
  • Physical Security Measures

    Restrict access to networking closets, server locations, and other critical infrastructure.
  • Human Resource Security Measures

    Vet employees by checking references and conducting background checks.
  • Perform and Test Backups

    Perform regular backups of data. Test data recovery for maximum effectiveness.
  • Maintain Security Patches and Updates

    Regularly update server, client, and network device operating systems and programs.
  • Employ Access Controls

    Configure user roles and privilege levels as well as strong user authentication. In addition to  corporate policy credential policy, consider 2 factor authentication.
  • Regularly Test Cyber Incident Response

    Create an incident response plan and test emergency response scenarios. Having a response plan laid out ahead of time will greatly reduce any vulnerabilities, limit the damage of a breach, and allow effective remediation.
  • Implement a Network Monitoring and Management Tool

    Choose a security monitoring solution that is easy use and integrates with other technologies.
  • Implement Network Security Devices

    Use next generation security devices both premise and cloud based that in addition to firewall protection provide, IPS (Intrusion Prevention System), deep packet inspection including SSL (Secure Socket Layer) inspection, Identity awareness, Sandboxing, URL Filtering, and DNS Security.
  • Implement a Comprehensive Endpoint Security Solution

    Enterprise level anti-malware and antivirus software are effective and cost efficient.
  • Educate Users

    Educate users and employees in secure procedures. Awareness of Social Engineering tactics used to gain login information and access to confidential data is a great first line of defense.
  • Encrypt data

    Encrypt all sensitive company data including email, remote users data through VPN (Virtual Private Network), PKI (Public Key Infrastructure)  and certificate management where deemed useful.  At a user level this can include encrypting hard drives particularly for laptop users.
  • Maintain Compliance

    Regulations like HIPAA, PCI DSS and ISO offer effective guidelines for developing security standards.

Please contact us to get more information about this service.