Everyone on cyber Saturday! 6 rules of information security
Work And Study Technologies / December 28, 2020
1. Check the roles and permissions of accounts
Users' power over the system should not be unlimited. It is enough for employees to have access to the programs they work with; software installation and control over system files are better left to IT specialists. This protects you from situations where an employee runs a malicious file as an administrator and thereby lets it do anything without restriction: infect the machine with viruses, collect information, spy, or use the computer to mine cryptocurrency.
But restricting rights in the system is not enough. Accounts need to be checked and updated from time to time. For example, make sure that new workers do not get extended access. Change settings when vulnerabilities are identified. And check the accounts of employees who no longer work for the company: they must be deactivated or deleted.
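One way to run the periodic account review described above, as an added example that is not part of the original article. The CSV layouts, group names, the "IT" department label and the 90-day new-hire window are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import date, timedelta

PRIVILEGED_GROUPS = {"local-admins", "domain-admins"}   # assumed group names
NEW_HIRE_WINDOW = timedelta(days=90)                    # assumed review window

# Constructed sample exports: HR roster and directory accounts.
HR_CSV = """employee_id,department,status,hire_date
101,IT,active,2018-03-01
102,Sales,active,2020-11-16
103,Finance,left,2017-06-12
104,Sales,active,2019-02-04
"""
ACCOUNTS_CSV = """username,employee_id,enabled,groups
a.admin,101,true,domain-admins;staff
n.newhire,102,true,local-admins;staff
f.former,103,true,staff
s.sales,104,true,staff
svc.old,,true,local-admins
"""

def audit_accounts(hr_csv, accounts_csv, today):
    """Return (username, finding) pairs for enabled accounts that need review."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acc in csv.DictReader(io.StringIO(accounts_csv)):
        if acc["enabled"].lower() != "true":
            continue  # already deactivated
        user = acc["username"]
        owner = roster.get(acc["employee_id"])
        privileged = PRIVILEGED_GROUPS & set(acc["groups"].split(";"))
        if owner is None:
            findings.append((user, "no owner in HR roster"))
            continue
        if owner["status"] != "active":
            findings.append((user, "owner left the company, account still enabled"))
            continue
        if privileged and owner["department"] != "IT":
            findings.append((user, "admin rights outside IT"))
        hired = date.fromisoformat(owner["hire_date"])
        if privileged and today - hired <= NEW_HIRE_WINDOW:
            findings.append((user, "new hire with extended access"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_accounts(HR_CSV, ACCOUNTS_CSV, date(2020, 12, 28)):
        print(f"{user}: {finding}")
```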
Alexander Buravlev
Technical director of the Aquarius company.
Periodically consult a professional to audit information security in your company. Most large organizations, such as banks, do this regularly. Looking at the system from the outside helps you understand what your IT pros might have missed out on with the next change or tweak. It's better to understand security vulnerabilities in time than to deal with the damage later.
2. Keep your passwords secure
Some companies require employees to change passwords every 90 days, but this can sometimes reduce security. First, the new password often gets written down in a notebook or in phone notes, or is left on a sticker on the monitor. Second, users often change only the last digit or keep alternating between two familiar passwords. A password must be changed if it has been compromised, for example if it ends up in a leaked database. In other cases, it is not necessary to change the password frequently.
It is better to strengthen your password requirements: passwords must be long and complex and contain different types of characters (letters, numbers, symbols). Also, enable password history checking to prevent users from alternating between the same combinations. It would be better still to supplement the password with multi-factor authentication, such as a fingerprint scan or Face ID.
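A sketch of the password checks described above (length and character types, leaked-list lookup, history check, and the "only the last digit changed" habit), as an added example that is not part of the original article. The minimum length, the PBKDF2 work factor and all sample passwords are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12        # assumed policy value, not from the article
ITERATIONS = 100_000   # assumed PBKDF2 work factor for this demo

def hash_password(password, salt):
    """Salted PBKDF2 hash; history stores only (salt, hash) pairs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def in_history(password, history):
    return any(hmac.compare_digest(hash_password(password, salt), digest)
               for salt, digest in history)

def last_digit_variants(password):
    """The same password with only its final digit changed."""
    if password and password[-1] in "0123456789":
        return [password[:-1] + d for d in "0123456789" if d != password[-1]]
    return []

def check_new_password(candidate, history, breached):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.isalpha() for c in candidate)
            and any(c.isdigit() for c in candidate)
            and any(not c.isalnum() for c in candidate)):
        problems.append("needs letters, digits and symbols")
    if candidate in breached:
        problems.append("found in leaked-password list")
    if in_history(candidate, history):
        problems.append("reused from history")
    elif any(in_history(v, history) for v in last_digit_variants(candidate)):
        problems.append("only the last digit differs from an old password")
    return problems

def make_history(old_passwords):
    salts = [os.urandom(16) for _ in old_passwords]
    return [(s, hash_password(p, s)) for s, p in zip(salts, old_passwords)]

# Constructed sample data: two earlier passwords and a tiny leaked list.
HISTORY = make_history(["Harbour!Winter-7", "Maple#Street-41"])
BREACHED = {"Password123!", "Qwerty!2345678"}

if __name__ == "__main__":
    print(check_new_password("Maple#Street-42", HISTORY, BREACHED))
```

Because history holds only salted hashes, the last-digit check works by hashing the candidate's digit variants and comparing them against each stored entry.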
3. Keep your IT instructions up to date
Employees are able to solve some IT problems themselves. To keep users from contacting the sysadmins over every trifle, companies develop wiki instructions with explanations: how to set up email clients, connect to the VPN, use an office printer, and so on. These guides work best in video format, showing the step-by-step process through the eyes of the user. Employees will do everything right, and sysadmins will not be buried under the extra work, if you make sure these instructions are updated regularly, especially when new business processes or devices appear in your company.
Also, keep the guidelines up to date with rules of conduct when problems and failures arise. Employees need to understand when not to try to fix everything on their own, and know where to run if the computer is seriously disrupted. Make sure that the names and contacts of the responsible sysadmins are always in the IT cheat sheets. The easiest way to do this is electronically, so you don't have to give the team new printouts every time.
4. Check working software licenses
Viruses, restricted functionality and leaks of your data are some of the possible consequences of using pirated programs from the Internet. You will save money on buying software, but you will put your business at risk every day. It is much more profitable to pay for a licensed program than to repair the entire IT system of an office or compensate customers whose personal data has leaked onto the Internet because of you.
Make sure that your employees do not download unverified software from the Internet, but instead tell you what programs they lack to solve work problems. Do not forget to check the license validity period and, if necessary, renew it, so that the work of the company does not stop at the most inopportune moment.
Reliable business software that everyone is familiar with will help to avoid many problems. It is important that cyber defense mechanisms are built into the product from the very beginning. Then it will be convenient to work with, and you will not have to make compromises on digital security.
The Microsoft Office 365 suite includes a range of intelligent cybersecurity tools. For example, it protects accounts and sign-in procedures from compromise with a built-in risk scoring model and with passwordless or multifactor authentication, for which you do not need to purchase additional licenses. The service also provides dynamic access control with risk assessment that takes a wide range of conditions into account. In addition, Office 365 has built-in automation and data analytics, and it also allows you to control devices and protect data from leakage.
5. Remind employees of the importance of cybersecurity
Digital threats are becoming more and more dangerous, so any company needs to run regular IT education programs. Arrange cybersecurity lessons for the entire team or send periodic mailings. Tell employees not to leave the computer unlocked when they step away for coffee, and not to let colleagues work under their account. Explain the dangers of keeping important work files on a personal phone. Provide examples of social engineering and phishing attacks against other companies.
Alexander Buravlev
Technical director of the Aquarius company.
Preventive measures are one of the protection strategies that minimize risks. Talk to employees about IT threats, because the weakest link in the system is the human factor. Be careful with flash drives: do not transfer files from home to a work computer, ask partners and colleagues to use file sharing, not media. Never use flash drives found in the office or anywhere else: they may contain virus programs.
Your employees need to understand why they can't send work files to each other over social networks or do things that bypass the company's IT systems. Set up feedback: find out how happy your team is with its digital data tools. If employees find them difficult, try to optimize business processes.
6. Keep your software up to date
In most cases, you receive free updates along with the licensed software. In new versions, developers fix bugs, make interfaces more convenient, and also eliminate security gaps and block paths for possible information leaks.
Updating software takes time and a restart of the computer. Under a heavy workload, your employees may underestimate the importance of an update and click “Remind me later” in the pop-up window for months. Keep your finger on the pulse and avoid such situations: outdated software always makes your business processes more vulnerable. To be safe, set a deadline after which the restart and installation of updates will be forced.
Controlling digital security in the office is convenient with Office 365 from Microsoft. It allows you to automatically notify employees when it's time to change the password. The package includes not only the familiar programs Word, Excel, PowerPoint and Outlook mail, but also software for safe calls, a corporate messenger, a program for sharing files over a secure network. With Microsoft's ecosystem, your employees don't have to look for workarounds and download unreliable programs from the Internet.