Organizations are often lulled into a false sense of security when it comes to data, thinking they’ve got everything covered with safe networks and updated systems, and they question why they would ever be targeted by a cyber attack. The answer is simple: common vulnerabilities in popular software and systems are exploited all the time, and attackers conduct random scans to track down these vulnerabilities. Most organizations don’t even realize that they have been breached and only find out when the damage has already been done.
Below is a quick list of ten essential security practices that everyone can and should employ.
- Educate your employees about the dangers of phishing and malware. Most people don’t understand why clicking on links or opening attachments can potentially ruin a business. Only 58% of employees recently surveyed by Cisco were aware of the risk they pose to corporate information, and an alarming 39% said they thought it was the company’s responsibility to protect data, not theirs.
- Develop effective policies and procedures that provide comprehensive safeguards, including policies for mobile devices, home working, asset disposal, encryption and application downloads.
- Ensure that your employees have read and understood these policies and the reasons that they have been implemented, and that there is a general culture of information security awareness among your staff.
- Use only the latest software, frequently install software patches and keep your antivirus software up to date.
- Conduct regular vulnerability assessments and penetration tests of your websites and infrastructure to ensure you keep up with evolving threats and vulnerabilities.
- Use unique, non-dictionary alphanumeric passwords. Change your passwords frequently. Never repeat passwords across multiple sites.
- Shop only on secure websites that display a padlock and “https” in the URL.
- Ignore unsolicited emails requesting you to click on links or open attachments.
- Be skeptical when using social media – avoid videos and links that display shocking, X-rated media, or any other links that seem too good to be true.
- Implement an information security management system (ISMS) that takes a comprehensive approach to information security, covering people, processes and technology. ISO 27001 provides the guidelines for establishing an effective information security management system.
ISO 27001 is the international information security management best-practice standard that will help you protect your information assets, comply with local compliance requirements and thrive as you give your customers confidence that their information is protected.
Leverage our ISO 27001 expertise 24/7 to protect your information assets anywhere in the world. Our structured solutions enable you to implement ISO 27001 at a speed and for a budget that is appropriate to your individual needs and preferred project approach.
10% discount is available for website purchases.