The risk of data breaches has increased manifold over the years. According to IBM, the average cost of a data breach is known to be around US$ 3.9 billion globally. To appreciate the scale, consider that a data breach on the web payment page of a billing vendor of Quest Diagnostics exposed around 11.9 million records.
Organizations have already started to pull up their socks against the menace of frequent attacks. There are several cyber security policies and procedures in place to prevent any data breach. However, the onus of successfully thwarting any such attack lies on each employee. Let us now discuss a few of the policies we need to keep in mind as we go back to work.
Avoid the unknown
The IT team at every organization must instruct employees not to click on unknown links and to stay away from phishing emails that come from anonymous email addresses. The IT policy must clearly state that employees must not use official assets to access any unknown emails. All emails from unknown and generic domains must be quarantined and checked before employees can access them.
Use SSL certificates
Search engines require your website to be secure, and all non-HTTPS sites are marked as “Not Secure”. To secure your site, you must procure an SSL certificate. The HTTPS protocol secures the communication between the web server and the web browser by encrypting it. As a result, a third party intercepting the traffic cannot read the information exchanged.
It is crucial for e-commerce websites to adhere to the PCI-DSS guidelines. These stringent guidelines require you to have adequate security policies in place. If your website has multiple sub-domains, it is best to install a Wildcard SSL certificate. This certificate is cost-effective and saves you time.
Do not connect to insecure Wi-Fi
The IT policy must include a paragraph on preventing employees from accessing insecure Wi-Fi connections. Public Wi-Fi networks are a significant vulnerability that can lead to unauthorized access to sensitive data. The official networks must have adequate security procedures in place so that only verified users can access them. However, a few employees need to access the network from their homes. Ideally, this should happen over a secure VPN. The IT team must obtain the relevant approvals and ensure that the VPN is installed on the laptops of the relevant employees.
Undertake periodic audits
You must check your internal networks for any vulnerability that may creep in. This can be carried out by an external consultant, but you may also enable your IT team to carry out this activity. You must audit your networks and check whether any systems are still using earlier versions of any applications. It would be best if you also changed the underlying policy based on any change in your IT strategy.
Use the latest version of the software
All software receives patch upgrades periodically. These help to plug any gaps and vulnerabilities that may have crept into the application over time. It is vital that your IT team is aware of such upgrades and ensures that all systems are running the upgraded versions of the software. You may set up alerts that notify your team whenever such an upgrade is available.
Set up a strong password policy
Employees must be trained in the cyber security policies of the organization. A robust password policy is essential to a secure network. Employee passwords must adhere to global best practices. Moreover, passwords must be changed regularly. Ideally, they must be changed every two to three months. The IT team must create robust passwords for the internal networks and the VPN, which are generally the targets of cybercriminals.
Take periodic backups
The IT team must have a backup policy that details the frequency of backups. Ideally, they should take a backup of the servers at least once every week. In the unfortunate event of a data breach, keeping a copy of the servers at a third location will help the organization get back on track quickly. The team must also decide whether to store the backup data on cloud or on physical servers at another location.
As businesses return to regular work, they cannot lower their guard against any cyber attack. The risk of data breaches is higher than ever before.
There are various other policies and procedures that you can adopt to thwart any cyber attack. We have discussed some of these for your consideration as you get back to work while cyber security remains a point of grave concern.
Always remember that even a single employee lowering their guard can lead to a significant data breach.