Here are five easy ways to boost your cyber security and minimize risk:
5. Back It Up
In order to protect your company from a new type of malware called ransomware, set up automatic backups of your data.
Not only will this protect you from someone stealing your data and demanding a ransom for it, it will ensure that your data is safe, secure and can’t be accidentally deleted.
4. Identify the Risk
Knowing what the risks are and what can lead to them is crucial in protecting your data. It’s important to stay up-to-date on the latest scams and attacks and understand what you can do to protect yourself from them before they happen.
Keeping your employees up to date on what email scams are going around can help them know what they should be wary of.
[ Related: The Cyber Insurance Boom ]
3. Encrypt Your Data
Use a full-disk encryption tool to secure all employee data on your computer. This prohibits anyone but you from accessing your files in case your computer falls into the wrong hands.
2. Secure Your Hardware
It’s impossible to have truly good cybersecurity without having good hardware. According to a recent survey by cyber security powerhouse Cisco, most organizations are using between 6-50 different security products, which leads us to assume there have to be vulnerable gaps between all those systems.
Keeping a few, powerful security tools is best when beefing up your cybersecurity.
1. Use Two-Factor Authentication For Everything
It’s a good idea to enable two-factor authentication for every account login. When you enable two-factor authentication, in addition to entering your username and password, you can sign up to receive a text, e-mail or push notification to make sure it’s really you logging in.
A good app to use is DUO, which will send you a push notification anytime you log into a specific website.
While it’s important to ensure your own company is secure, it’s also important to ensure that any companies who have access to your information are secure – Brown & Joseph takes the utmost caution when dealing with data.
Brown & Joseph’s System Securities Programs and Protocols are in place and tested vigorously by our IT department to maintain the integrity, confidentiality and security of our insurance customers and our business.
We maintain the following security policies and procedures:
- Security management process to prevent, detect, contain and remedy security violations
- A designated security officer who develops and administers the data security policy
- Information security awareness and training is conducted for all appropriate members
- Security incident procedures for handling breaches of data security
- Business continuity plans
- Business plans tested and evaluated on a periodic basis
- Access Controls – security software that denies or permits electronic application or data access
- Protective Devices – surveillance cameras, fire detection system, after-hours motion alerts
- Flood Management – water sensor contained in the data center
- Event Monitoring – access, admin activities, use of privileged accounts, changes to controls, suspicious patterns of activity, attempts to access sensitive files, rejected attempts at accessing resources, etc. are all monitored
- Data integrity managed through security access and controls and with critical business data backed up daily (onsite and maintained offsite)
- Secured network and workstation with an individual sign on
- Technical Architecture controlled by network and firewalls
Safeguards are controlled, monitored and hardened against accidents, attacks or environmental disasters to ensure business and client data is controlled.
Penetration testing is the process of testing our applications for vulnerabilities. The purpose of a penetration test is to identify any key weaknesses in our systems and applications and to determine how to best allocate resources to improve the security of our organization as a whole.
In addition to pentesting being regularly performed by our Chief Technology Officer, further pentesting involves a team of skilled hackers.
We purposefully ensure that the hackers do not have access to any source code and ask them to try to gain access to our systems.
Penetration tests are carried out on IP address ranges, individual applications or even by using only our company name.
All of our I.T. security and safeguard certifications are readily available to qualified inquiries.
Suggestions? Take this short survey.