Jan 20, 2019
7 Steps to Protect Yourself from Data Breaches
Data breaches are becoming more and more prevalent in the business world. Organizations find themselves continuously exposed to new types of cyber attacks and are left scrambling to recover from the damage a data breach can cause. While no system is foolproof enough to stop every data breach, there are a few reliable methods that help prevent cyber attacks.
Here are 7 steps to protect your organization from data breaches:
- Firewall – Deploy a business-class firewall at every office location
A firewall blocks many known threats from getting into the network. Utilize one with application-level scanning and intrusion prevention. Most importantly, the firewall must be actively monitored.
- Secure internet gateway – Deploy a cloud-based Internet Gateway on every computer
A secure internet gateway detects and stops requests to nefarious websites and helps thwart threats that sneak in via email and other means such as USB drives. A cloud security platform cuts down on the spread when malware is introduced and works to protect devices that are not behind a firewall.
- Patch management – Actively monitor and manage software updates on all operating systems and applications
A high percentage of vulnerabilities had patches released months before they were ever exploited, leaving only those who failed to apply updates vulnerable. Turning on updates and hoping is not enough; software updates need to be actively managed.
- Endpoint protection – Install and actively monitor a Tier 1 anti-malware solution and perform additional one-off scans periodically on all devices
No one platform detects everything, so layering is important (although only one should be monitoring in real time, or system resources will be crushed). It’s important to actively monitor and manage any endpoint solution to ensure that updates are being applied and that threats are immediately investigated.
- Email protection – Scan all email (incoming and outgoing) by passing it through a spam/malware filter
Spend the money to get one that is better than your email system’s default built-in solution. Consider a solution that can spool your company’s email if the main email system were to ever go down.
- End user training – Actively train your employees so that they can recognize threats and serve as your last line of defense
Outline, teach and practice acceptable use and other policies. Consider a test run – sending a benign, simulated malicious email to see who clicks on it.
- Implement a DR plan – Have a comprehensive backup and disaster recovery plan for all of your business’ intellectual property
Put your plan in writing and test it periodically. Don’t forget the cloud data (it’s not sufficient to assume the cloud vendor is backing it up). And don’t forget data that lives on local PCs.
JPMerc & Co. offers low-cost, no-obligation IT assessments. We’ll identify your current IT risks and offer cost-effective solutions. The report and the knowledge gained are yours to keep with zero obligation and no hard sell. To learn more, connect with us!