Cybersecurity has become a very important topic in our day and age. Keeping your data and your client’s data is important to the overall health and continued success of your organization. Here are 5 areas that you must be focusing on when it comes to cybersecurity.
*BONUS – get our free downloadable PDF at the end of this post and assess how your organization is doing on cybersecurity.
1. Physical
The physical layer of cybersecurity refers to your building, office or network closet. This can be anywhere where you have sensitive information and data that pertains to your organization.
Being physically secure in your organization is incredibly important. What does this look like? It means that everyone has access to the right places at the right times, and that access to confidential organization information belongs only to those who absolutely need it.
Dan Moshe, CEO of Tech Guru, feels that this is the foundation to becoming secure as an organization because, “if you don’t have physical control over the assets in your environment, everything else is at jeopardy.”
How does your organization get secure at this layer?
- Sensitive equipment and documents are secured in protected, locked rooms.
- Facility access systems managed, with door locks and custom key fobs so you know who is coming in and out of your office.
- Adding video surveillance for your office building, adding an extra layer of protection.
- Establishing loss and theft mitigation. Adding asset tags to your devices that say, “If lost, please call.”
- Establishing key and code management for your organization. Creating a spreadsheet tracking the ownership of key fobs.
2. Network
The network layer of cybersecurity refers to your wireless network, switches, firewalls, remote access, services and cloud services. This is how your data is being used by your organization, both in onsite and offsite.
Moshe talks about the importance of having an internal owner of your network, even if you have an outsourced IT provider. Since your IT provider usually works off-site, it is beneficial to have someone in the office who can be notified and be made aware of issues right away. Moshe commented, “It’s great to have someone internal who is advocating for your organization and thinking of important questions to ask your IT provider.”
How does your organization get secure at this layer?
- Establishing an internal owner of your network who is on your staff
- Establishing secure password & login best practices
- Keeping guest and private networks separate
- Updating your network regularly
- Each device and service has an owner and it is on file somewhere in your system
3. Devices
The devices layer of cybersecurity refers to the devices that are used within your organization, such as smartphones, tablets, desktops, and laptops.
With the emergence of more devices in our society and increased appearance of remote work, establishing a device policy within your organization has never been more crucial.
Moshe explains the benefit of adopting a remote management and monitoring service for your employee’s devices. These policies should include “what you require for your employees to do with their devices to configure them and how you follow through and enforce the policy.” Moshe goes on to explain that one of the ways to enforce a policy like that is through remote management and monitoring. The benefit of this system is that these policies and security precautions will automatically be enforced before an employee can access confidential company data.
How does your organization get secure at this layer?
- Passwords & lock-out settings enabled
- 10 or so failed password attempts wipe the device
- Monitor backups and software updates on devices to ensure people are updating devices with the necessary security updates.
- Encryption enabled
- Outsourcing remote management & monitoring to ensure you are always up to date
- Devices have remote wipe & location tracking enabled
4. Apps
The applications layer of cybersecurity refers to the applications that are used within your organization, including but not limited to email software, financial software, CRM software, and cloud services you may be using.
Every organization uses a variety of different applications. Getting control of the applications your organization is using and how they are interacting with your organization’s data is a crucial component to getting secure in the long term.
How does your organization get secure at this layer?
- Being cautious about data leakage and knowing how many applications have access to your contacts, photos, and data on your phone.
- Make sure data encryption is enabled and on for all your applications and devices.
- Passwords policies activated, such as two-factor authentication
- Creating automated updates and tracking when those updates are happening in the future.
- Every application that is being used in your organization is approved by the leadership and has an owner that is responsible for management of the application
5. People
The people layer of cybersecurity is exactly how it sounds. It is about the people within your organization, everyone from contractors and interns, to employees, and all the way up to board members. Anyone who comes in contact with the data in your business is considered part of this layer.
Your organization’s security is only as strong as your weakest link. It’s not good enough to train 99% of your team. Tech Guru empowers everyone in the organization, top to bottom.
Moshe advises organizations to “Train your people, regularly, annual, semi-annually.” The important part is to train and to start an open dialogue about security and the many questions that come with it.
How does your organization get secure at this layer?
- Regular training for new and current staff
- Monitor remote access
- Test your people in real life by optimizing social engineering testing
- Defining roles & responsibilities
- Creating and enforcing password policies
Check out your organization is doing with cybersecurity – download our cybersecurity checklist here.
If you feel like you need an extra look at your businesses security, click here to request your complimentary consultation.