Dynamic Legal Representation for You and Your Business

IT Security Controls

Q: What are a few vital IT Security controls that I should implement in my organization?

A: Now, more than ever, the prevention of data breaches and data loss is vital to any organization. From the all-too-common grasp of ransomware (when a hacker encrypts your business data for a monetary ransom), to the lack of appropriate IT controls and vendors, business critical data is clearly susceptible to risk.

To best avoid exposing your critical business data to risks, start with implementing these important integrations:

  • Up-to-date and Reputable Anti-Malware Software
    • Ensure that all business assets have reputable, and up-to-date, anti-malware solutions installed and managed across the organization.
  • Install the Latest Operating System Updates
    • Ensure that all assets are scheduled to install the latest security patches from their respective vendors, especially for operating systems. To go a step further, have a test group of workstations that receive the patches first, in order to rule out any incompatible patches before installing them on all assets.
  • Clean Desk Policies
    • Ensure that your staff members are not writing down their network credentials (user name and passwords) on post-it notes at their desks.
  • Off-site Data Redundancy
    • Ensure that your critical business data is backed up to an offsite location, whether that be to a reputable cloud-based storage solution, or to a redundant, secondary site owned by your organization.
  • Change Management
    • Ensure that all production assets have the necessary change management tickets and approvals for any reboots, patching, upgrades, changes, or replacements.
  • Create and Update Policies and Procedures
    • Having an up-to-date Disaster Recovery/Business Continuity Plan, Acceptable Usage Policy, and other Policies and Procedures could make or break a business when it comes to recovering from a disaster, or preventing one. Create formal policies, update them regularly, and test them to ensure they are functioning properly.
  • Seek Reputable Vendors
    • Ensure all of your vendors have the appropriate IT Security implementations in place. Ask your vendors the necessary questions and request evidence to determine how robust their IT Security is.
  • Assets
    • Ensure all company assets (laptops, phones, tablets), which contain company or consumer data, are tagged and encrypted.
    • Force password changes at a frequent basis.
    • Force lock computers when idle for a certain time period.
    • Implement two-factor authentication.
  • Train Staff
    • Train your staff on the importance of phishing, ransomware, and IT security awareness. Basics, such as locking the computer when away, not leaving laptops in plain view in a parked car, and propping doors that may allow unsupervised visitors, are just a few common-sense reminders to train your team.

You can never be too secure but starting with the short list above is a great step in the right direction.

Share the AGMB Compliance Question of the Week:

Facebook   Google+   LinkedIn   Twitter

New York Attorney Advertising: This email is designed for general information only.
The information presented in this email should not be construed to be formal legal advice nor the
formation of a lawyer/client relationship. Prior results do not guarantee a similar outcome.

© Copyright 2018 by Abrams Garfinkel Margolis Bergson, LLP. All rights reserved.
This email is designed and developed by PR4Lawyers.
Facebook Twitter LinkedIn Google+ Youtube AGMB, LLP Website Neil Garfinkel Michael Barone Neil Garfinkel E-Mail Michael Barone E-Mail Marie O' Brien Marie O'Brien E-Mail