5 Practical tips for information security

14-10-2019 09:31:35

Information security is more important than ever, but in practice there is not enough focus on the human side of it. What do you have to think about as an organisation apart from technical tools to secure your network? In this blog, we give you 5 practical tips that you can implement in your organisation. Quick and easy.

Use a password manager and generator

We cannot stress it enough: use a password manager and generator. We understand the difficulty of remembering all those unique passwords, especially when there are so many conditions they need to meet. Therefore it is advisable to inform employees and advise them about tools that are available for this.

A password policy must be workable to prevent people from trying to work around it. If you ask your employees to change their passwords every month, to use 20 characters and to pick a unique password every time, there is a good chance there will be post-its all around the office to help them remember the passwords. If the conditions are workable, there is a much smaller chance that people will use the corporate passwords outside of the corporate server.

Make backups and apply encryption

Backups of the corporate network are usually properly organised by the IT department. What many employees forget, however, is that the local disk of their PC is not backed up automatically. In case of a virus, a ransomware attack or another problem, many files are still lost here. This also concerns data on laptops, which may not be included in the backups either.

Stay up-to-date

Ensure that software remains up-to-date. Ultimately, all types of files can pose a security risk. A PDF is one of the safest files, but when you don’t install Adobe updates, there are security risks there too.

IT departments can also choose to block certain extensions or disable macros. These are smart interventions, but make sure that IT departments inform the employees about possible alternatives. This prevents people from circumventing your security measures.

Security Awareness Training for employees

IT departments are naturally inclined to resolve issues by implementing technical measures: more monitoring, more virus scanners and more firewalls. But that alone is not going to do the trick. For more security, it is crucial to train and educate your employees. At BIT we are convinced that employee awareness can increase security by at least 25%. The IT department will have to be vulnerable here. Technical measures are necessary, but the input from employees is at least as important. Inform them about the developments in the field of security, provide insight into possible risks and draw their attention to the implemented measures during an internal meeting, for example following a department meeting.

Ensure a safe Internet of Things (IoT) policy

More and more devices are connected to the internet without conscious thought about security risks. Poorly protected IoT devices can cause three problems:

  • You may harm others on the internet. Poorly protected IoT devices are regularly used for large DDoS attacks. For example, when a hacker gains access to a security camera that is connected to the internet, this can be used to execute a large-scale attack in a network of different devices. It is also crucial for IoT devices to be up-to-date and protected with strong passwords.

  • If your device is involved in such attacks, you are at risk of legal repercussions or reprimands from your provider. The moment the IP address is known, you are at risk of retaliation. Probably all without knowing that your device caused any problems.

  • Poorly protected IoT devices are a possible access point to the rest of your network. It is a place for a hacker to enter your network and forage around in it.

By: Larissa Wiedeman