You know there is some nasty stuff out there on the Internet. You also know that your employees use company computers and networks to access the Internet, both for work and personal reasons. However, you’re not sure if you are exposing your organization’s information assets to the bad guys, and what you should be doing to protect that information.
Here are 5 things to do immediately that may not take too much time or money.
Review your information security policies.
Perhaps you do not have an Information Security policy, or perhaps you have one, but it is so outdated it still refers to modems and floppy disks. Policies are only effective if they are current and relevant.
Communicate any changes in your information security policies to your employees.
Even better, conduct training sessions to help your staff understand why the policies are important to protect themselves and their organization.
Conduct Information Security Awareness training for everyone in the organization.
Many of your employees will not know what to do when the Nigerian Prince contacts them, or if they are suddenly hit with an email that contains malware. They need to be able to understand how attacks happen and how they can help to prevent them.
Engage a professional IT Security company to perform a network penetration test.
This test will assess how easy or difficult it is to break into your network from the outside. The testers will tell you which things to prioritize and which can be left to a later date.
Perform an assessment of your overall internal security practices.
This assessment will help you discover where your internal processes and practices may be making you vulnerable.
To some degree, protecting your organization’s information assets should keep you awake at night. Peace of mind comes from understanding the strengths and weaknesses in your security program, procedures and practices.