2021 Q2 | Page 32

TECHNOLOGY
Secure your data from page 31

Protection Guidelines

Here are some very basic guidelines that companies could follow to protect their information:
1. Take information security seriously: Having a dedicated person or a company to service this aspect would be money well spent. I have come across insurance agencies who don’t think they are vulnerable because they are not a ‘big fish.’ On the contrary, it is the smaller companies that are often targeted and are easily compromised. Companies also need to have a periodic security audit program in place.
2. Ensure your system patches are up to date: It is a common tendency to postpone software updates or operating system upgrades, because this act requires downloading the latest patches and watching frequent system reboots, taking away precious time from your day. However, some of these updates could be security fixes that protect you from the very threats that you would rather not encounter.
3. Protect your system with effective antivirus software: While nothing is perfect, we have seen a solid improvement in antivirus software that detects a variety of virus signatures and quarantines them effectively. However, make sure to keep this software current.
4. Define your company’s security policy: With expert help, clearly spell out dos and don’ts for the company including rules for password creation and periodic password changes. Ensure computer screens auto lock every so often. Offer security training for your employees and contractors to educate them on typical cybercriminal tactics.
5. Enable remote logins to the company environment: A Zero-Trust Network Access (ZTNA) model, a safer successor to a Virtual Private Network (VPN), with appropriate security safeguards like a digital token, should be the de facto method for remote workers to access enterprise resources like company files and data. Many associates these days are working off their home computers, emailing and downloading work-in-progress attachments which could technically carry a deadly viral payload.
6. Protect your servers: Most agencies I have met with have at least one server where they store contracts, production and commission data at the minimum. A firewall acts like a gatekeeper to your enterprise. A robust firewall configured correctly should protect you from network intrusion, and enforce strong encryption on all data leaving your enterprise.
7. Avoid cheap cloud storage: The cloud is susceptible to security breaches too. There are many free or cheap cloud-based services out there which could also be targeted by hackers. Do not store sensitive information without applying all security precautions like encryption and other controls. It would be prudent to pay for additional upgrade options including a HIPAA compliant plan for such services.
8. Discourage the BYOD (Bring Your Own Devices) philosophy: Smaller organizations often turn a blind eye to employees’ use of personal computers and storage devices, since it saves them money. However, company-supplied devices can typically be secured to access only company-owned storage devices. Such computers could be configured with their USB ports blocked to disallow transfer of potentially corrupted files from a personal device which could compromise the enterprise network.
9. Ensure your third-party systems providers follow strict security guidelines: You may have built Fort Knox by implementing security best practices within your company but outsourcing your key functions involving sensitive data to vendors who do not have any controls is tantamount to padlocking your front door but leaving the back door wide open to cybercrime. Make sure that your vendors — as custodians of your information — are using robust security standards within their own organizations.
10. Deploy sturdy e-mail filters: Email filters could block blacklisted or unknown senders and sift through your email and attachments for any malicious code. Aside from eliminating spam, intelligent filters can detect any phishing or malicious payload and move them into a junk folder before they can cause further damage.
11. Perform system backups at regular intervals: Imagine malware bringing your organization to its knees by rendering your data unusable. If you had a data backup cycle, you could restore this information and continue business as usual.
12. Lastly, communicate and escalate immediately: If any of your employees suspect any breach or fraud, they need to bring this to the attention of your security personnel immediately. This should be a crucial part of your security training program.
32 Perspectives Q2 2021