Information security should be a crucial part of every organization’s risk management plan, and if it’s not, you could be in for a surprise down the road. Hope isn’t lost, though. In a matter of minutes you can find a plethora of IT risk assessment information by simply searching Google for “Information security risk assessments”.
Lax information security can result in a multitude of problems, including viruses, ransomware, intellectual property loss and much more. Each of those can be extremely costly. Recovery might mean that you lose a month of data, that you are forced to pay a ransom to unlock your files, or that you lose valuable research and never know it was stolen.
Do this…
- Search for an information security firm that can audit your systems and risk levels
- Get multiple quotes, because some firms massively overcharge for services
- Understand that your personnel are your biggest vulnerability, build a training plan, and execute that plan
- Use complex passwords or passphrases
- Set up 2-factor authentication
- Set up automatic sign-out on computers, so PCs left unattended get locked.
Don’t do this…
- Don’t hire the first firm you speak to. Firms that are targeting your executives and non-IT staff to give security presentations are simply trying to drum up business through fear. They may do a good job, but will likely charge you double or triple.
- Don’t make exceptions for training or security. Provide training for everyone, from entry-level employees all the way to the CEO.
- Do not ignore updates.
- Don’t click on email links from unknown sources
- Don’t install unauthorized software