Here are some of the basics of securing your business. This list should put you in a good place.
- Ensure notifications are properly set up on every application possible, so you are told when changes are made to the account, permissions or billing, and when there are new logins. You want to know when things change; you may catch something malicious.
- Try to use Sign in with Google, Sign in with Office 365, or another single sign-on provider.
- Do not ignore error messages or warnings on software or hardware you use.
- Never click, respond or act on unsolicited email.
- Never ever connect to unsecured wifi. If you really really have to, avoid using apps that contain sensitive info.
- Use a strong password on your computer (do not use this password anywhere else)
- Use a password manager.
- Have some kind of endpoint protection to protect against viruses, trojans, malware.
- Enable Full Disk Encryption (on Macs this is FileVault; on Windows this is BitLocker).
- Turn Firewall on.
- Check installed Applications
- Check running services
- Install updates
- Subscribe to the security mailing lists of the software and hardware vendors you use.
- Renew the domain for as long a term as possible.
- Make sure your whois is private or use company info.
- Ensure there is software in place to block spammers and malicious visitors and to eliminate low-hanging-fruit vulnerabilities.
- Enable captcha on all forms.
- Watermark images & video.
- Enable HTTPS on your site
- Backup your site as much as you update it. So if you update it weekly, then backup weekly.
- Stay organized. Sloppy, rushed or unlabeled file storage can lead to a data leak. Take an extra few seconds to save a file with a label, put it into a folder, etc.
- If you are using cloud file services like Box, Dropbox, Google Drive, etc., check regularly who has access.
- Label & Classify Data
- Ensure customer data is encrypted when stored or in use
- Remove old customer data (keep what you must for legal or compliance reasons).
- Ensure employee data is encrypted when stored or in use
- Clear out any unneeded employee data (keep what you must for legal or compliance reasons).
- Secure your chat program.
- Encrypt Mobile Device
- Enable a passcode and self-destruct mode (wipe after repeated failed unlock attempts).
- Install Updates
- Backup everything
- Enable Find My Phone
- Secure your email with 2-Factor Authentication (2fa)
- Enable DKIM & DMARC
- Review which applications can read messages and send on your behalf
- Secure email with Two Factor Authentication
- Use a separate email address for newsletters and other non-important information.
- Read about phishing and spear phishing
- Use a strong password
- Beware of links and files
- Be careful of your location. Do not post information that can lead someone directly to you.
- Have a defined policy where guests can go, who can invite them. Everyone should sign an NDA.
- Store equipment in locked and monitored areas
- Keep physical paper only where compliance requires it; scan the rest and shred what's not needed.
- If possible, use backup devices when traveling.
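The DKIM & DMARC item above says to enable the records but not how to tell whether what you have is any good. The following is an added example (not part of the original checklist, and not from any vendor) that parses DMARC and SPF TXT records and reports the settings that leave a domain spoofable: a `p=none` policy, no reporting address, a permissive `all` mechanism, or too many SPF lookups. The records and domain names are constructed samples; point it at your own records by pasting the TXT values in.

```python
import re

# Constructed sample TXT records for illustration only (not real domains).
SAMPLE_RECORDS = {
    "_dmarc.weak.example": "v=DMARC1; p=none",
    "_dmarc.strong.example": ("v=DMARC1; p=reject; "
                              "rua=mailto:dmarc-reports@strong.example; "
                              "adkim=s; aspf=s"),
    "weak.example": "v=spf1 include:_spf.mail.example ?all",
    "strong.example": "v=spf1 include:_spf.mail.example -all",
}

# SPF mechanisms/modifiers that each cost a DNS lookup (RFC 7208 caps these at 10).
SPF_LOOKUP_TERMS = {"include", "a", "mx", "exists", "redirect", "ptr"}


def parse_dmarc(record):
    """Split a DMARC record ('tag=value; tag=value') into a lowercase-tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue  # empty or malformed fragment; ignore it
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return a list of weaknesses in a DMARC record; an empty list means it looks sound."""
    findings = []
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["missing or invalid v=DMARC1 tag"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address, so aggregate reports are never received")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: the policy is applied to only part of the mail")
    return findings


def assess_spf(record):
    """Return a list of weaknesses in an SPF record; an empty list means it looks sound."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["missing or invalid v=spf1 version term"]
    findings = []
    last = terms[-1].lower()
    if last in ("+all", "all", "?all"):
        findings.append(f"'{last}' lets any server send as this domain")
    elif last == "~all":
        findings.append("~all only softfails unauthorised senders; -all is stricter")
    elif last != "-all":
        findings.append("no terminating 'all' mechanism (unlisted senders get a neutral result)")
    # Count lookup-causing terms; strip the +/-/~/? qualifier and any argument.
    lookups = 0
    for term in terms[1:]:
        name = re.split(r"[:=/]", term.lower().lstrip("+-~?"))[0]
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups exceed the limit of 10; receivers return permerror")
    return findings


def audit(records):
    """Assess every record in a {name: txt} map; DMARC names start with '_dmarc.'."""
    report = {}
    for name, txt in records.items():
        if name.startswith("_dmarc."):
            report[name] = assess_dmarc(txt)
        else:
            report[name] = assess_spf(txt)
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RECORDS).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{name}: {status}")
```

A domain whose DMARC record sits at `p=none` for more than a few weeks is only collecting reports; moving to `p=quarantine` and then `p=reject` is what actually stops spoofed mail, and the `rua=` address is how you learn which legitimate senders you forgot to authorise before you do.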
Backup & Recovery
- Use backup software. You shouldn't go more than 30 minutes without a backup.
- Enable recovery and backups on all accounts (ensure you have access to this account)
- Depending on the risk you may want to store recovery information and backups offline in a locked location.
- Run scenarios on risks to your business: website hack, computer crash, no internet, etc.
Schedule these tasks Monthly.