By Jim Zimmermann
It’s National Cybersecurity Awareness Month in the U.S. as well as EMEA. The U.S. Department of Homeland Security has assembled a Stop.Think.Connect. toolkit for different audiences, including government, industry, and small businesses. Organizations of all sizes need to protect their data, whether they have a dedicated IT security staff or not.
Here are some steps your organization can take to increase security and reduce the risks of a data breach or cyber-attack:
1. Review your software and systems for vulnerabilities.
Do you need to run patches or updates? Download new virus and malware databases? Retire systems that are no longer compatible with the latest protection? Upgrade your security to cover new networks or file shares?
2. Give your security policies a refresh.
Make sure your end-user policies cover the current realities of your business. For example, if you allow employees to bring their own devices (BYOD) and use them for work-related email, file access, etc. ensure you clearly document the security requirements necessary to protect company data. If you’re in a highly regulated industry and restrict the use of portable storage devices such as thumb drives, make sure your policies reflect that.
3. Make sure staff know your policies—and how they are enforced.
Remember, the weakest link in IT security is usually people! All the IT security policies in the world won’t protect you if your people don’t follow them. In addition to the obligatory form new hires sign during onboarding, offer regular reviews of the policy—especially when it changes. Explain the consequences of violating the policy, and make sure managers understand their role in keeping data secure.
4. Keep IT staff current on emerging threats and evolutions in cybersecurity.
With new malware proliferating at an alarming rate—more than 21 million new threats in just 3 months, according to one study—it’s imperative to keep your IT group’s knowledge up to date and to make sure that everyone outside of IT knows about security and their role in making your organization more secure. Make sure you have a learning and development program in place that helps keep IT and other employees knowledgeable about security and risks.
Jim Zimmermann is Director of Product Marketing at Skillsoft.