Here are some of the basics of securing your business. This list should put you in a good place.       


                                     

Applications

  • Set up notifications on every application that supports them, so you are alerted when changes are made to the account, such as permissions, billing, or new logins.
  • Do not ignore error messages or warnings on software or hardware you use.
  • Try to use Sign in with Google, Sign in with Office 365, or another application's sign-in option.

Computer

  • Use a strong password on your computer (do not use this password anywhere else)
  • Use a password manager.
  • Have some kind of endpoint protection to protect against viruses, trojans, malware.
  • Enable Full Disk Encryption (on Macs this is FileVault; on Windows this is BitLocker).
  • Turn the firewall on.
  • Check installed Applications
  • Check running services
  • Install updates
  • Subscribe to the security lists of the software and hardware vendors you use.

Domain

  • Try to renew the domain for as long as possible.
  • Make sure your WHOIS is private or uses company info.

Website

  • Ensure there is software in place to block spammers and malicious visitors, and to eliminate low-hanging fruit as far as vulnerabilities go.
  • Enable captcha on all forms.
  • Watermark images & video.
  • Enable HTTPS on your site
  • Back up your site as often as you update it. So if you update it weekly, then back up weekly.

Files

  • Stay organized. Sloppy, rushed, or blank file storage can lead to a data leak. Take a few extra seconds to save a file with a label, put it into a folder, etc.
  • If you are using cloud file services like Box, Dropbox, Google Drive, etc., regularly check the permissions on who has access.
  • Label and classify data.

Customer Data

  • Ensure customer data is encrypted when stored or in use
  • Remove old customers (keep the rest for legal or compliance issues).

Employee Data

  • Ensure employee data is encrypted when stored or in use
  • Clear out any unneeded employee data (keep the rest for legal or compliance issues).

Chat

  • Secure your chat program.

Mobile device

  • Encrypt the mobile device.
  • Enable password security and self-destruct mode.
  • Install Updates
  • Backup everything
  • Enable Find My Phone

 

Wifi/Network/Internet

  • Be careful when connecting to unsecured wifi. If you really, really have to, avoid using applications that contain sensitive info.
  • Tether or use a VPN if possible.

Email

  • Never click on, respond to, or act on unsolicited email.
  • Secure your email with 2-Factor Authentication (2FA).
  • Enable DKIM & DMARC
  • Review which applications can read messages and send on your behalf
  • Use a separate email address for newsletters and non-important info.
  • Read about phishing and spear phishing

Social Media

  • Use a strong password
  • Beware of links and files
  • Be careful of your location. Do not put information that can lead someone directly to you. 

Physical Security

  • Have a defined policy on where guests can go and who can invite them. Everyone should sign an NDA.
  • Store equipment in locked and monitored areas
  • Keep physical paper for compliance, scan the rest, and shred what's not needed.
  • If possible, use backup devices when traveling.

Backup & Recovery

  • Use backup software. You shouldn’t go more than 30 min without being backed up.
  • Enable recovery and backups on all accounts (ensure you have access to this account)
  • Depending on the risk you may want to store recovery information and backups offline in a locked location.
  • Run scenarios on risks to your business: website hack, computer crash, no internet, etc.

Schedule these tasks monthly.

Contact Revamp Cybersecurity to get help with this
