Tony Rushin returns for another guest post. Tony has spent his career in technology: this is his fourth of five posts on reducing cyber security risks. You can find his first post here, second post here, and third post here.
Security-driven leadership is critical and having, and enforcing, policies to guide behavior is important. Equally important to reducing your firm’s cyber security risks are the security enhancements your firm can achieve through the use of technology tools. Many of the most valuable tech-based strategies are straightforward, inexpensive and relatively simple to apply. When approaching these types of security measures, you should be thinking in terms of layers of prevention, with redundant protections to secure your data built in at multiple levels of activity.
Effective tactics to improve security using technology tools include:
- Enforcing existing policies. Many policies, such as password length and complexity, can be enabled and enforced in an automated manner.
- Having a high-quality, physical firewall. And keep the firmware and enhanced security features up-to-date.
- Keeping all hardware current with security updates and patches. Servers, desktops, laptops, tablets and smartphones.
- Utilizing solid anti-virus and anti-malware tools on all devices. And make sure it’s up-to-date.
- Encrypting hard drives on all laptops. This can save a huge amount of money and stress should a laptop get into the wrong hands.
- Using a password manager. There a number of reliable password managers available, at low cost or even free.
- Considering a Mobile Device Management (MDM) solution. MDM tools allow the firm to enforce security policies on mobile devices.
- Backing up data securely at an off-site location. An important strategy for all firms, and not due only to the risk of cybercrime.
- Having locally accessible backups and a quick recovery option. Having a fast and local backup device can be a lifesaver.
- Developing and testing a Disaster Recovery (DR) plan. Having a DR plan in place is key to a quick recovery.
This is not meant to be a complete list of prevention technology since every organization’s needs are different based on size, focus, work protocols and other factors.
In the next article, I will dig into the final key to reducing your firm’s cyber security risks: detection.
Tony Rushin, Vice President for Network 1 Consulting, has spent 30 years in high-technology sales & marketing, from IBM to start-ups. Network 1 is an IT support company in Atlanta that becomes – or augments – the IT department for law firms and medical practices. You can reach Tony at 404.997.7633 or firstname.lastname@example.org.