Below are key areas to review within your organization.
Limit access to network resources, applications, and administrative rights. A regular access control audit helps ensure everyone has the right amount access, and no more.
Anti-Virus & Anti-Malware
Today's operating systems have great security baked in. This doesn't mean that is properly configured or adequate for your work environment. Ensure you have a system that is protecting you as soon as the patch is made available.
Business class perimeter security devices are more than just firewalls. They protect your network in each location by scanning and sorting every packet coming in and going out. Don't leave security up to your server or workstation. This is your first line of defense in a multi-layered approach to IT security.
Patches are often deployed after a known security vulnerability on a device has become known. Nearly every device on your network has the ability to be patched. Firewalls, Switches, APs, phones, UPS, door access control, cameras, servers, workstations. Have a plan to download, test & deploy patches as soon as they become available.
Tested Backup Solution
A backup means nothing if you can can't restore the data. 60-90% of businesses close within one year after a major data loss according to several studies over several years. Yet, most companies (over 70%) have no disaster recovery plan in place. If you are not confident in your backups, now is the time to get a plan in place.
End User Training
Most cyber threats are acted upon by a normal, everyday computer user. Rolling training for all staff greatly improves the chances that your network stays safe. It also ensures new employees are exposed to the same training as seasoned staff.