The recent Equifax data breach is just the latest example of an all-too-common trend in today’s digital world. According to a recent report from Hiscox Insurance, cybercrime cost the global economy $450 billion in 2016 alone. And it’s not just massive companies and organizations like Equifax that are victims. Businesses of all sizes are at risk from malware, hacking, phishing, ransomware and distributed denial-of-service (DDoS) attacks. While large companies have the financial resources to recover from cyberattacks, small businesses often are unable to do so—60%, in fact, go out of business within six months.
No organization, large or small, can be completely protected from cybersecurity threats. But here’s a 10-point checklist you can give your customers to help them make sure they have maximum safeguards in place:
- Are the operating systems on all computers, servers and mobile devices up to date? All systems should be set for automatic updates.
- Is all antivirus software current? Antimalware programs should be set to check for updates frequently and workstations configured to report the status of the antivirus updates to a centralized server so IT managers can monitor them.
- Is there a strict password policy in place? Organizations should use complex passwords (a minimum of eight characters with a mixture of upper and lower case letters, numbers and special characters) and employees should update their passwords at least quarterly with no repeated passwords allowed.
- Are all devices secure, both physically and digitally? File servers should be kept in a locked facility that’s monitored by a security system. All employee mobile devices should be locked when not in use and their data drives encrypted. Workstations and mobile devices should be set to lock the screen automatically after they have been left idle for a few minutes.
- Is all backup data encrypted? It should be standard policy that encryption be validated once the backup is completed and that backup logs be checked regularly and files restored to ensure they’ll work when needed.
- Has two-factor authentication (2FA) been implemented? This involves a layer of protection over and above a password. It requires additional information like an authentication code that’s accessed via a text message or an app.
- Are connections to the company’s information resources secure? Employees should connect via a VPN (virtual private network) or other secure connection. And they should be instructed never to use public Wi-Fi for any confidential work.
- Are used or end-of-life workstations, servers and printers disposed of securely? Before retiring any equipment used for processing data, all hard drives should be scrubbed, thoroughly reformatted or physically destroyed to prevent confidential data from being recovered by unknown parties. Ingram Micro ITAD offers end-of-life services so your customers can be assured that everything is done properly.
- Have employees been properly educated on the latest security practices and precautions? Every company should have a security policy that’s clearly communicated to all employees and contract workers—and strictly enforced. Everyone should be aware of measures to take to minimize susceptibility to cyberattacks, like not clicking on unknown attachments and never providing login passwords or confidential information to unknown sources. Finally, organizations should have a security incident response plan outlining steps to be taken should a cybersecurity breach occur.
- Have you considered cybersecurity insurance? Since even the best security measures are not foolproof, it’s worth looking into insurance to cover direct loss to the company in the event of a security breach and any damages to clients whose data is compromised.
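The password item in the checklist can be enforced in software without ever storing a plaintext password. The sketch below is an added example, not code from the original article: it checks the stated composition rules, rejects reuse by comparing against salted PBKDF2 hashes of earlier passwords, and flags passwords older than a quarter. The function names, the 90-day reading of "quarterly", the PBKDF2 round count and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8                    # from the checklist
MAX_AGE = timedelta(days=90)      # assumption: "quarterly" read as 90 days
PBKDF2_ROUNDS = 100_000           # assumption: tune upward for production

def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def complexity_problems(password):
    """List every composition rule from the checklist that the password fails."""
    rules = [
        (len(password) >= MIN_LENGTH, "shorter than 8 characters"),
        (any(c.islower() for c in password), "no lower-case letter"),
        (any(c.isupper() for c in password), "no upper-case letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [message for ok, message in rules if not ok]

def is_reused(password, history):
    """Re-hash the candidate under each stored salt and compare in constant time."""
    reused = False
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        reused |= hmac.compare_digest(candidate, digest)
    return reused

def is_expired(last_changed, now):
    """True once the password is older than the quarterly limit."""
    return now - last_changed > MAX_AGE

def check_new_password(password, history):
    """Return all policy violations for a proposed password; empty means accepted."""
    problems = complexity_problems(password)
    if is_reused(password, history):
        problems.append("matches a previous password")
    return problems

if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    history = [hash_password("Autumn#2016"), hash_password("Winter#2017")]
    for candidate in ("short1", "Autumn#2016", "Spring#2017"):
        print(candidate, "->", check_new_password(candidate, history) or "accepted")
    print("expired:", is_expired(datetime(2017, 1, 1), datetime(2017, 4, 15)))
```

Because each stored entry keeps its own random salt, two employees with the same password produce different digests, and the history can be checked without being reversible.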
The above checklist, though by no means exhaustive, covers the basic measures your clients can implement so they can be more confident in their cybersecurity readiness. And of course, you can help them update their security infrastructure so they have the latest and greatest technology in place.