November 2015

Top Five IT Security Best Practices

The medical, legal, and accounting industries are well known for taking the privacy of their clients seriously. However, this issue is important for nearly every type of business. In light of several recent cyber attacks, IT security has been highlighted as a vital component of any successful organisation.

With that in mind, here are several best practices that companies can follow to better protect their digital information.

1. Use and Maintain Anti-virus Software

Using anti-virus software is an absolute requirement for companies of any size. Viruses and malware are some of the most effective weapons in a hacker’s arsenal. Even computers with the latest security measures are still at risk if they were compromised in the past.

Simply installing and using an anti-virus application is not enough. The software must be updated frequently. Keeping your anti-virus programs up to date is important to maintaining a well-secured computer.

2. Create a Backup and Recovery Plan

A catastrophic loss of data will cripple your company, often beyond the point of recovery. For this reason, backup and recovery plans are essential, even for startups. These plans help companies survive and recover from both physical and digital disasters.

A backup plan specifies how backups will be made, as well as how frequently they will be tested. If you already have a backup plan, consider revisiting it. Many plans fail due to changes in infrastructure or data organisation.

A recovery plan sets out how the backup will be restored, taking various concerns and scenarios into account. Successful recovery plans can minimise both the loss of data and the downtime associated with a catastrophic event. They are worth their weight in gold if and when such an event occurs.

3. Use a Firewall

Firewalls are another important tool in keeping your information secure. They manage and control incoming and outgoing traffic, providing an inherent defence against attackers. Firewalls are available as either software or hardware.

Creating a firewall by using a hardware device can be complicated — leave this to the experts. Hardware firewalls are most useful for large companies since they can provide uniformity across the entire system. Software firewalls are typically pre-configured and easier to set up. These are more appropriate for smaller businesses.

4. Control Access to Protected Information

Controlling who accesses privileged or protected information is vital to protecting customer privacy. As a result, access control systems must be established to determine which users have permission to view which documents. Small businesses can install CCTV systems at a relatively low cost to improve the physical security of their locations quickly and easily.

Implementing role-based access levels is the solution to this problem. An employee working in the billing department would have an authorization level different from that of a physician. The same is true of administrative assistants and senior partners, or other comparable positions in any industry.

For larger companies, system administrators should be responsible for setting users’ access levels. Smaller companies can manually assign access through the use of an access control list.

5. Teach Employees the Value of Information Security

Information security, or InfoSec, is the practice of defending the corporate infrastructure and related assets from exploitation. Historically, InfoSec relied on highly trained individuals to monitor for and defend against attacks from outside parties.

Recently, focus has shifted toward teaching security awareness to all employees. Proper education provides even non-technical employees with the knowledge and tools to identify common attacks and react appropriately, further protecting businesses.

Final Thoughts

Unfortunately, there is no comprehensive list of IT security practices for every business. This list is a starting point for companies thinking about how they can better protect their data. Contact us to learn more about following these practices or addressing similar security issues.