Ten questions that test your company’s IT security
WannaCry and other recent computer attacks have shown that security plays an increasingly important role in business. Taking the right defensive measures in this field is now more important than ever. A good IT security solution is not enough on its own; ultimately, only a good IT security training policy for our employees can protect our company's data. Do you want to know whether your company is safe or not? Start by answering these ten questions.
Do your employees use a strong password?
More than half of the data lost in companies originates in the use of weak passwords, and yet less than 25% of companies say that their organization has a good identity management policy.
Do you ask your employees to change their password regularly?
Although a password is safe on paper, it loses its effectiveness as time passes. A good company policy involves strengthening the security of these passwords by changing them regularly (for example once a month), either manually or automatically with computer security software.
Do you use a two-factor authentication system?
Many services and some computer programs add an extra layer of security to their infrastructure by relying on two-factor authentication. That is, it is not enough to enter a name and password; an additional code is also required, which is generated randomly and which the user receives through another channel, such as an SMS on their mobile phone, or a USB token.
How are the smartphones of your employees integrated into your company’s network?
Allowing a personal mobile phone to be integrated into a company’s network increases the chances that the latter will be the victim of a malware attack. Providing your employees with secure corporate telephones is one way to avoid it.
Do you periodically back up your data?
A ransomware attack can end up hijacking all of your data, leaving it totally inaccessible to your company.
Maintaining a good proactive backup policy is the only way to ensure the integrity of your corporate information, which is ultimately the most valuable resource of your company.
Do you have the right security solutions?
Every device that connects to your company’s network should have an appropriate and updated security solution. Servers, computers, phones, tablets and even printers can become an attack vector.
Do you limit the number of employees who have administrator privileges in the IT infrastructure of your company?
Many of the computer security problems suffered by companies could be avoided by limiting, as far as possible, the number of users who hold the privileges of a systems administrator (such as permission to install new software).
Do your employees know how to recognize a suspicious e-mail?
Phishing attacks are increasingly sophisticated. They impersonate not only banks, but also popular companies like Amazon, Netflix, etc.
Learning to recognize this type of mailing, usually by identifying the sender and the web address to which the included link points, is vital to keep cyber-criminals at bay.
Do you encrypt your databases and the information about your clients in any way?
If a cyber-criminal sets his sights on your organization, the likelihood that he will eventually get into the IT infrastructure of your company is quite high.
However, if, in addition to having a good backup policy, you properly encrypt the most sensitive information of your company, you will stay safe.
Are your websites protected?
The origin of many cyber-attacks can be something as “simple” as an infection of a WordPress site that has not been updated.
If we have a corporate website, it is advisable to ensure that it is isolated from the rest of our IT structure and, of course, updated with the latest security patches that have been released.