Here are some of the basics of securing your business. This list should put you in a good place.
- Ensure notifications are set up on every application that supports them, so you are alerted when changes are made to the account, such as permission changes, billing changes, or new login alerts.
- Do not ignore error messages or warnings on software or hardware you use.
- Where possible, use Sign in with Google, Sign in with Office 365, or a similar single sign-on option rather than a separate password for each application.
- Use a strong password on your computer (do not use this password anywhere else).
- Use a password manager.
- Have some kind of endpoint protection to protect against viruses, trojans, and other malware.
- Enable full disk encryption (on Macs this is FileVault; on Windows this is BitLocker).
- Turn the firewall on.
- Check installed applications.
- Check running services.
- Install updates.
- Subscribe to the security mailing lists of the software and hardware vendors you use.
- Renew your domain registration for as long as possible.
- Make sure your WHOIS record is private or uses company information.
- Ensure there is software in place to block spammers and malicious visitors and to eliminate low-hanging-fruit vulnerabilities.
- Enable CAPTCHA on all forms.
- Watermark images & video.
- Enable HTTPS on your site.
- Back up your site as often as you update it. So if you update it weekly, then back up weekly.
- Stay organized. Sloppy, rushed, or unlabeled file storage can lead to a data leak. Take an extra few seconds to save a file with a label, put it into a folder, etc.
- If you are using cloud file services like Box, Dropbox, Google Drive, etc., check regularly who has access.
- Label and classify data.
- Ensure customer data is encrypted when stored or in use.
- Remove old customer data (keep what is required for legal or compliance reasons).
- Ensure employee data is encrypted when stored or in use.
- Clear out any unneeded employee data (keep what is required for legal or compliance reasons).
- Secure your chat program.
- Encrypt mobile devices.
- Enable a passcode and self-destruct mode (wipe after repeated failed unlock attempts).
- Install Updates
- Backup everything
- Enable Find My Phone
- Be careful when connecting to unsecured Wi-Fi. If you really have to, avoid using applications that contain sensitive information.
- Tether or use a VPN if possible.
- Never click on, respond to, or act on unsolicited email.
- Secure your email with two-factor authentication (2FA).
- Enable DKIM and DMARC for your domain.
- Review which applications can read messages and send on your behalf.
- Use a separate email address for newsletters and other non-important mail.
- Read about phishing and spear phishing.
- Use a strong password.
- Beware of unexpected links and attachments.
- Be careful with your location. Do not post information that can lead someone directly to you.
- Have a defined policy for where guests can go and who can invite them. Everyone should sign an NDA.
- Store equipment in locked and monitored areas.
- Keep the physical paper required for compliance; scan the rest and shred what is not needed.
- If possible, use backup devices when traveling.
Backup & Recovery
- Use backup software. You shouldn't go more than 30 minutes without being backed up.
- Enable recovery and backups on all accounts (ensure you have access to this account)
- Depending on the risk you may want to store recovery information and backups offline in a locked location.
- Run scenarios on risks to your business: website hack, computer crash, no internet, etc.
Schedule these tasks monthly.