There’s one positive thing about last week’s massive global WannaCry ransomware attack: we’re seeing much greater interest in digital security, and an increased awareness of the many cyber threats to our computer networks each day.
Each day, someone asks us a variant of this question: “I protect my business with product X: is that a good product?” Well, product X might work well, but the hard truth is that no single security practice or strategy can provide comprehensive protection. Strong security requires many products, services, and processes, all working together. There are terms for this kind of integrated protection: one is multi-layered security; another is layered defense.
What are some of these security layers? Anti-virus, anti-malware, and anti-spam applications, monitoring, maintenance, automatic encrypted backup, data encryption, firewalls, virtual private networks, password management, and employee training are the most common solutions that are woven into a security blanket for a company’s computer network.
Here are CMIT Solutions’ top five strategies for protecting your data and digital identity. You may not be able to implement them all at once, but each step will make you safer tomorrow than you are today.
1. An IT professional should handle security patches and software updates as soon as possible. We’re using the word “handle,” because we know that software updates are not always quick, one-step procedures. This causes “do-it-yourselfers” to delay vital patches and updates. The security patch that would have stopped WannaCry was released two months before the attack, but thousands of people hadn’t gotten around to installing it. (Note that “do-it-yourselfers” include uncertified people who have been drafted to supervise their companies’ IT in addition to their regular jobs.)
2. ALL of your company’s devices should be protected. If you allow computers or devices to connect to your company’s network from remote locations, those machines require the same level of management and protection as the computers inside your office.
3. Your data and your identity should be protected while in transit. We can provide your company with safe transition methods such as a virtual private network and two-factor authentication.
4. ALL of your data should be backed up at least daily, and you should be sure that it can be completely restored. Comprehensive backup, and confidence in restoration, have allowed many companies to completely ignore ransomware demands. Their IT providers wiped their machines clean and restored their systems from their backups. Many companies have also been dismayed to learn that they couldn’t restore all of their data, which is why we offer services to test your backups.
5. Train your employees to handle the sea of dangerous links that wash up on their computer screens each day. Email messages and websites are filled with traps. Writing a clear security policy is an important step, but without employee training, it won’t help much. We provide employee cyber security awareness training.