Soaring Towers Homepage
SUPPORT
CLIENT LOGIN

10 Tips for Improving IT Security for Business

Top 10 Tips to Improve Security

With the ever changing challenges of hybrid work, many business are struggling to maintain, secure, and monitor all of their network devices. 

To help keep business secure, we listed the ten best ways to help build a robust cybersecurity strategy for your business.

1. Perform annual security assessment

Taking at look at what your business security and exposure level is is crucial to being able to create a solid cyber strategy. 

This security assessment should test physical and virtual controls as well as business processes to lower the risk of future attacks. 

Identify: 

  • Crucial IT devices such as servers, firewalls, and switches
  • External connections coming into the business
  • Folder and file permissions
  • Global administrator access and use

2. Set up a secure VPN for remote workers to securely connect to company files and protect their connection

VPN’s ensure that all remote connections into your business are encrypted protecting your data from anyone attempting to intercept it. 

Guidelines for VPN policy and implementation:

  • Make connecting to the VPN as simple as possible and require staff to use a VPN when using company devices remotely
  • Use a endpoint management solution or vendor that can monitor and deploy the VPN software
  • Educate staff on what a VPN is and when they need to use it

3. Have a Bring Your Own Device (BYOD) policy with specifies security requirements

Draft a BYOD policy that ensures all devices connected to your company are as secure as possible.

Require devices to be:

  • Up-to-date
  • Secured with companies anti-malware solution
  • Centrally Managed allowing the ability to wipe company data in the event the device is lost
  • Enforced strong password policy and MFA

4. Automate device and software updates and vulnerability management

Install, deploy and update software centrally to ensure all devices automatically stay protected and up-to-date.

Ensure Your Business:

  • Has real time analytics on the update and vulnerability status of all your devices
  • Ensure updates are pushed out on set intervals
  • Setup auto-remediation of vulnerabilities to ensure devices stay protected

5. Back up systems and SaaS application data with integrated backup and disaster recovery solutions

Backups are the only way to ensure your business is insulated from ransomware attacks. 

Your backup solution must:

  • Provide status updates on systems to a central server
  • Allow for devices to be restored remotely
  • Allow backing up of all your business tools, such as SAAS (Software as a service), files, and computers
VPN using MFA

6. Implement multi-factor authentication (MFA) and single sign-on (SSO)

SSO (Single Sign On) and MFA allow for easier password requirements while greatly increasing security and decreases IT problems. 

Your SSO/MFA solution should:

  • Require additional information to verify a users account, in addition to a password
  • Integrate with all your business tools
  • Allow users to reset their own passwords

7. Educate your employees and monitor your exposure to the dark web

Password breaches are becoming a increasing issue for business as many of your staff re-uses the same password. 

  • Setup automated alerts for your email domain in known breaches
  • Educate employees with phishing and security awareness training

Check if you or your staff password is compromised below! 

8. Detect and respond to insider threats

Insider threats are a rising issue for business as in 2019 they accounting for 57% of data breaches globally. 

Insider threats happen when a organization releases confidential information through social engineering or malicious intent. 

Protect your business by:

  • Monitoring logins and setting up logon hours for users
  • Create email policies to ensure sensitive data in encrypted.
  • Alert when a unknown device connects to your business network

9. Deploy an antivirus/anti-malware and endpoint detection and response (EDR) combined solution

The latest threats can slip by even the best anti-virus software, implementing a EDR solution catches what slips through. 

  • Constantly monitor all endpoints
  • Provide real-time protection and response
  • Provide in depth logs on pre and post attack actions

10. Implement and practice your incident response plan

Large Security incidents will happen to the majority of all business, defining a incident response strategy will minimize the disruption to your business.

Incident Response strategy must: 

  • Plan business continuity with an issue
  • Identify team members roles and responsibilities
  • Identify a priority of tools to restore access to
  • Define the restoration process for all business and IT tools.

Sources:
1. 2019 Insider Threat Report, Verizon

2. Kaseya