
10 vulnerabilities in your IT


A good security policy takes all vulnerabilities into account. Have you thought about these 10?

 

1. Internet connection

The Internet has become indispensable. Therefore, make sure you have a robust Internet connection and a back-up plan in case the normal connection becomes unavailable due to roadworks or a technical problem.

 

2. Anti-malware and firewall

The list of malware and other cyber threats is growing every day. A good anti-malware program for your entire IT infrastructure is therefore indispensable, and a firewall can block unauthorized access attempts and network traffic.

In addition, adapted security measures are needed at every level of your IT infrastructure.

These days, a next-generation firewall combined with the latest security software on workstations and mobile devices is an absolute must.

A combination of these two systems can detect and block the most sophisticated threats via artificial intelligence (AI).

 

3. User rights

A good security policy ensures users have the rights to use the systems and applications they need – and not more.

Provide adequate access management and report attempts to obtain unauthorized access.

 

4. User authentication

Passwords are the most common form of user authentication.

  • Establish a good password policy with strong passwords which are changed regularly (e.g. every three months).
  • Make sure users develop good password habits, such as not using the same password for everything, not noting down a password in a visible place, and not sharing a password.
  • In any case, the use of static passwords is always risky. The implementation of a two-factor authentication system, in which users log in with a token or mobile app, is the best way of reducing this risk.

 

5. Security updates

  1. Install security updates (patches) for operating systems and software as soon as they become available. Some are run automatically but for others you need to check regularly whether a patch is available.
  2. Also, make sure all security systems are kept up to date with new malware definitions and updates.

 

6. Safe e-mail and Internet use

Make technical tools available so that users can e-mail and surf safely: e.g. an anti-malware scanner, a web filter, an anti-spam system, and browser settings to disable Flash and Java.

Alert users to the dangers of attachments and fraudulent websites.

 

7. Don't give "social engineering" a chance

Cybercriminals often use social engineering to access confidential information via an employee.

Make users aware of the existence of phishing, ransomware and other forms of social engineering such as bill fraud and the ever-growing CEO fraud.

 

8. Back-ups

Without a sound back-up policy, you risk losing your company data in case of a system crash or cyber attack.

  • Choose the right hardware and software for making the necessary back-ups of all your critical data.
  • Don't forget mobile devices such as laptops and smartphones. Some ransomware can also encrypt back-up files if the back-up storage remains connected to the system.
  • Make sure you also have an offline back-up.

 

9. IT management

All of the above are only effective if they form part of a well thought out cybersecurity strategy.

  1. Designate someone to plan, elaborate, and implement such a strategy.
  2. Consult external experts for customized advice.

 

10. Incident management

In case of a cyber incident, your immediate reaction may be to fix the breach as quickly as possible and repair any damage.

By doing so, however, you risk losing evidence that could help you trace the culprits.

Always report a cyber incident to the police and to your national CERT contact point. If sensitive information or personal data is breached in a cyber incident, this often also has to be reported to the Data Protection Authority (DPA) and sometimes to the people affected.

 

 
