Managing your organization’s IT security requires a multi-layer approach with the agility and timeliness to keep up with ever-changing threat environments. While IT security is nothing to be taken lightly, there are a few steps outside the data center you and your team can take to directly impact how you defend your data and environment.
What can IT employees do?
Of course, the primary IT security responsibilities are going to lie with the IT staff, but the “To-Do List” isn’t limited to software installations and threat monitoring.
- Leverage two factor authentication: Work with your staff to train them on using and instituting two factor authentication for assets, systems and applications where possible.
- Protect and educate against social engineering: Communicate company-wide about current examples of phishing and other social engineering attempts your team is coming across. Set up an easy channel for employees to report attempts they suspect may be ill-intentioned and share your findings, best practices and preventative tips on a regular basis. Make your coworkers an effective first line of defense.
- Assess your data backup: If your environment is hacked, how healthy is your backup at this moment? Make sure your backups are up to date, being done correctly and in a timely fashion.
- Push security patches: Check to ensure the latest security patches and updates are installed on company assets and applications. Scheduled pushes outside of normal work hours help keep your environment on track with minimal disruption.
- Limit access to sensitive files: Sensitive information should only be accessible by employees cleared for that access on secured networks. Performing periodic audits of who has access to what and setting up alerts for highly sensitive information can help make sure the right audience is getting the information they need.
What can non-IT employees do?
Just because they aren’t directly involved in day to day IT operations, non-IT staff members can still play a major part in keeping data secure. IT security should be a team effort with all hands-on deck!
- Use strong passwords: The better the password, the lower the odds of it being found out. Employees should shoot for 15 or more characters with mixed cases and using special characters. TIP: Don’t use something found in a dictionary; try phrases like song lyrics or favorite movie lines.
- Don’t share passwords: It should go without saying we shouldn’t share our passwords with other people but it’s also true with multiple sites, applications and other log-ins. If one is found out, using it across the board for multiple sites unlocks all the doors with just one key. Utilize a trusted password manager to help keep passwords organized.
- Report suspicious requests or communications: Be aware if you are asked to do something on behalf of someone else especially if it concerns any kind of monetary transactions (funds transfers, gift card purchases, etc.). Double check the email address and not just the name of the sender to guard against spoofed email addresses.
Every organization should be assessing their IT security on an ongoing basis to keep up with the latest hacker methods and risks. Knowing there are several in-house actions teams can take strengthens defenses against bad actors and system vulnerabilities. Enlisting a trusted advisor like Sanity Solutions helps streamline assessments, product demos and updates on the latest security solutions. For a free consultation to see how your IT security measures up, contact us at firstname.lastname@example.org.