Protect Your Business from a Security Crisis
Is your business prepared to handle a data breach or security crisis? Focus on implementing IT policies and procedures to address the risks.
A security breach can happen in an instant with an unsecured laptop, a malware attack, external fraud or internal misuse of company information. Like an oil slick, the damage can be difficult to contain and may have long-lasting effects. The recovery of resources and data can be daunting and expensive. That’s why it’s essential to invest in technology and procedures to identify vulnerabilities and implement protocols to minimize the fallout from a data breach or cybersecurity attack.
Identify the Risks
Better protection against IT threats starts with companywide policies and procedures that address the risks, including:
- Online attacks. Define best practices for keeping systems secure with antivirus, anti-spam and anti-spyware software, including instructions to download and install patches to your operating system and browser software as soon as they are released. Consider installing web content filtering software that restricts browsing of inappropriate or risky sites.
- Gaps in systems administration. Limit systems administrator access to only those who absolutely need it and create a plan to regularly monitor for unusual activity. Lock down individual computers so that only systems administrators can download software applications.
- Weak passwords. Establish rules for strong passwords and require employees to keep passwords confidential. Disable passwords of former employees and reset logins for internal systems and vendor applications, accounts and websites when employees leave the company.
- Unacceptable computer use. Establish rules for browsing the web and for using email and social media sites. Set boundaries for using thumb drives and removable devices, as well as laptops used for remote working. Establish a policy for computer use that spells out the risks and consequences of unacceptable computer use.
- Third-party security breach. If you outsource your IT infrastructure, ask about the security policies these service providers have in place to make sure they meet your standards.
Document Your Plan
IT security policies should address the full range of IT-related issues clearly so all employees — not just those on the technology team — understand their roles in keeping the business secure. The policy should include at minimum:
- A summary of the objectives and scope of the policy.
- Roles and responsibilities of individual employees and departments.
- Acceptable use and encryption policies.
- Risk management procedures including access controls and system backups; security awareness and training; and audits.
- Security standards for application service providers to protect against breaches in their networks that could affect yours.
- Disaster recovery.
- Compliance and monitoring procedures.
- Documentation of procedures and disciplinary actions.
Keep Systems Current
If you have a plan for upgrading computer systems or software, Amegy Bank can also help secure the funds you need to make it happen. Contact us to speak with an Amegy banker for more information.