Security Updates

Hackers will exploit flaws in your system. Update your operating system on your personal computers, mobile phones, tablets, and laptops. Update your applications – especially the web browsers – on all your devices too. Configure your devices, applications, and operating systems to leverage automatic updates.

More than 90% of successful cyber-attacks start with phishing emails.  A phishing scheme is when an attachment, link, or webpage looks legitimate on an email, but it’s a trick designed by bad actors to have you reveal personal information, gain access to your system, or install malware.

These systems will help you detect and block malware such as ransomware. Look for systems that are updated daily to ensure your system is protected from the latest threats.

Allowing employees to use business systems for personal purposes increases the risk of your system being compromised. 

Use strong passwords (i.e. At least 8 characters long with upper/lower case, numbers, and symbols such as #, @, *, (, ),&, % and others), and ideally a password manager to generate and store unique passwords.  Do not share passwords with other employees.  Do not use the same password for accessing different applications, websites, email, or social media, and change your passwords frequently.

A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint, or Face ID, you are giving your bank, email provider, or any other site you are logging into the confidence that it is really is you. Multi-factor authentication can make you 99% less likely to get hacked.  Enable multi-factor authentication on your email, social media, cloud services, online shopping, and financial services accounts.

Only assign privilege or administrator accounts to your employees when necessary. This will prevent them from being able to change security controls in your system or install unwanted programs. Understand that an additional threat with such access rights is if your employee's account is hacked, the hackers will automatically have administrator privileges to your system.

Ensure you have an appropriate backup of all your data and system configuration. Microsoft provides an easy way for you to backup your systems and data on the cloud.

Limit non-employee access to your systems. As a good rule of thumb, always configure your system to lock the screen after 10 minutes of inactivity. Organizations should also disable an employee’s ability to attach/plugin any external device (flash drive, CD, another computer, phone, etc.) into a company device. Implementing such a restriction limits an employee's ability to download inappropriate items into the company system or extract/copy sensitive company information.

Educate all your employees on good security practices and enforce compliance through documented policies and procedures.  This information should be presented through ongoing training/discussions.

Utilizing third-party information security vendors allows you to concentrate on servicing/growing your business while they as they use their expertise to help manage any critical threats. Information security support varies from basic support to teach you how to secure your systems, to configuring and maintaining the security controls, up to someone serving as a daily resource to detect and address ongoing threats.