- Hopefully you’ve dropped your administrative rights for day-to-day work, as this is a really simple thing to do, costs almost nothing, and immediately limits what any malware that runs under your account can do to your system.
- You’ve checked your systems to make sure they’re fully patched, including not just the operating system but third-party programs as well, and you’ve made someone responsible for making sure the correct patches are rolled out promptly.
- You’ve gotten (or at least looked into getting) a web content filter to screen out malicious websites before your systems are allowed to access them.
- Your IT provider has configured your firewall to allow only legitimate traffic out from inside your network, so that if a computer on your network is compromised, it won’t be able to reach the attackers’ command-and-control servers.
- Your email administrator has restricted attachments, allowing only the types your business actually needs and blocking everything else.
- You’ve identified the points on your network where data is stored, and worked with your IT provider to restrict access to those who need it, on a need-to-know basis, instead of just opening everything up to everyone.
- You’ve verified that you have rock-solid backups, tested by actually restoring from them and appropriate to how quickly you need to recover, so that your business could get “back to business” rapidly in the event of a disaster.
- You’ve let your staff know that they are constantly at risk from Internet threats, and have investigated implementing a security awareness program to keep them and your critical assets safe from phishing scammers.
- You’ve worked with your IT staff, or at least started the conversation, to whitelist applications so that only authorized programs can run on your network, making it so that malware won’t be allowed to run if it somehow slips through the above controls.
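Two items on this list, attachment restrictions and application whitelisting, rest on the same deny-by-default idea: start from the short list of things that are required and block everything else, rather than chasing a list of known-bad things. The script below is an added illustration of that idea applied to email attachments; it is not the author’s code or any mail product’s filter. The allowed types, their leading-byte signatures and the sample message are assumptions constructed for the example. Besides rejecting any extension that is not on the allowlist (which also handles names like invoice.pdf.exe, judged by their final extension), it checks that a file’s first bytes match what its extension claims, so an executable renamed to statement.pdf is still blocked.

```python
"""Deny-by-default attachment screening (added example, not the article's code).

Start from an allowlist of the few types the business needs and reject
everything else. The leading bytes of each file are also checked against the
signature for its claimed type, so a renamed executable does not get through.
"""
from __future__ import annotations

from dataclasses import dataclass

# Allowed extension -> leading bytes ("magic") a genuine file of that type starts
# with. Deliberately short: if a type is not listed here, it is blocked.
# (Assumed policy for this example; adjust to what the business actually needs.)
ALLOWED_TYPES = {
    "pdf": (b"%PDF-",),
    "docx": (b"PK\x03\x04",),  # OOXML documents are zip containers
    "xlsx": (b"PK\x03\x04",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def evaluate_attachment(filename: str, data: bytes) -> Verdict:
    """Decide whether one attachment may pass. Anything not explicitly allowed
    is blocked, and the file's first bytes must match its claimed extension."""
    name = filename.strip().lower()
    if "." not in name or name.endswith("."):
        return Verdict(False, "no extension")
    ext = name.rsplit(".", 1)[1]
    if ext not in ALLOWED_TYPES:
        # Covers .exe, .scr, .js, .vbs, .zip, ... and double extensions such as
        # invoice.pdf.exe, which are judged by their final extension.
        return Verdict(False, f"extension .{ext} not on allowlist")
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        # The name says .pdf but the bytes do not: renamed executable or junk.
        return Verdict(False, f"content does not match .{ext}")
    return Verdict(True, "ok")


def screen_message(attachments: list[tuple[str, bytes]]) -> dict[str, Verdict]:
    """Evaluate every attachment of a message; returns a verdict per filename."""
    return {name: evaluate_attachment(name, data) for name, data in attachments}


def blocked_names(attachments: list[tuple[str, bytes]]) -> list[str]:
    """Filenames that would be stripped or quarantined, e.g. for a bounce notice."""
    return sorted(n for n, v in screen_message(attachments).items() if not v.allowed)


# Constructed sample message (not real mail): each payload is just the leading
# signature a real file of that kind would carry.
SAMPLE_MESSAGE = [
    ("Q3-report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    ("team-photo.JPG", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),  # PE file, final extension .exe
    ("statement.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),    # PE file renamed to .pdf
    ("macro-tool.xlsm", b"PK\x03\x04\x14\x00\x06\x00"),  # macro workbook, not on the allowlist
    ("README", b"just some text"),                       # no extension at all
]

if __name__ == "__main__":
    for name, verdict in screen_message(SAMPLE_MESSAGE).items():
        print(f"{'ALLOW' if verdict.allowed else 'BLOCK':5} {name:18} {verdict.reason}")
```

The signature check only catches files that lie about their type. A genuine PDF or document can still carry something dangerous (an exploit for the viewer, a link to a phishing page), which is why the allowlist stays as short as the business can tolerate and why the other controls on this list, patching, the web filter and the egress firewall, still matter even with attachments restricted.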
Peter Nikolaidis is an information security professional based in Cambridge, MA. He holds several information security certifications, including the CISSP. In his spare time, he enjoys practicing martial arts and yoga, mountain biking, and thinking about ways to protect the innocent… often from themselves. Connect with Peter on LinkedIn.