While Logical Net HIGHLY recommends the following five security protections, know that cyber security is a rapidly changing environment. It’s essential to perform annual, if not quarterly, assessments of your security posture.
Security Control #1 – Multi-Factor Authentication
As a starting point, you should follow a 3-2-1 backup strategy in which you have 3 copies of your data (live, backup1 and backup2), in 2 formats (e.g. a local and a replicated version), with at least 1 offsite (e.g. cloud backup).
We also recommend creating immutable backups – a copy of your data that can’t be changed with typical admin privileges. This is one more layer of protection against ransomware attacks that encrypt your data and demand payment to release it.
When considering backup, you should not only protect your server data but also your emails, any SharePoint data, contacts and calendars.
This topic can go very deep. Contact Logical Net and we can discuss the best approaches, including backup frequency, full copies vs. snapshots, and the recovery time your business needs.
Security Control #4 – Remove Admin Rights From Users
Your users are often the weakest link in your line of security defenses. Every employee should receive mandatory security awareness training on a regular basis. Today’s training is typically online, coupled with videos and quizzes. Best-in-class training also includes phishing simulations, in which emails are sent to all employees to test their ability to detect phishing attacks.
Employees who succumb to phishing simulations must be re-trained and then re-tested.
Adopting these top five security controls will put your business on a much stronger path to cybersecurity. Today, most cyber insurance underwriters require these same controls to qualify for an insurance policy. And as critical as these controls are in today’s environment, you should take a dynamic approach that is specific to your business and adapts as new threats emerge.