5 Easy Steps to Information Security

Today I’m going to give you 5 simple steps to implement information security. For anyone who played sports in high school or college, you remember the first week of practice each season, right? Basic drills. Your coach harped and harped about how the basics were important. We could learn tricky offensive or defensive plays but if we didn’t have the basics down, we were going to lose. The same is true for information security so I’m going to remind you of a few basics.

1. Train Your Employees

 No employee wants to be the source of a security breach. If you spend just 1 hour per year on security awareness for your employees you will begin to see improvement year over year. Annually, that’s just .0005% of their time. That’s $22.50 for each employee that makes $45,000 per year. Where else can you get a better return on your investment?

2. Actively Manage Anti-Malware

Most anti-malware systems are on autopilot. Unless an alert pops up that malware was detected, it’s ignored. This is a huge mistake. Someone should review this system daily and make sure all systems are reporting in, that their definitions updated and that scans were successful. Every single breach we’ve ever investigated had an anti-malware system that wasn’t being managed appropriately.

3. Revoke Unnecessary Access

Staff often have far too much access to computer systems. It’s not about trust. It’s about what happens when that account is hacked. If the accounts are fairly restricted, hackers need to compromise several accounts to meet their objectives. This goes for system administrators too. They should have one account they use for internet surfing, email and daily work and another account used to administer systems. This makes it more difficult for cybercriminals to compromise systems.

4. Secure Your Wireless 

Wireless networks offer convenience and mobility, however they are inherently less secure than a physical connection. Securing a wireless network against today’s sophisticated attacks just takes a little planning. Splitting guests off on their own network and rotating pre-shared keys are critical to wireless security.

5. Monitor Security Event Logs

While this is simple, it’s not necessarily easy. It will take some tools and some time to review these logs looking for security incidents. Sticking your head in the sand an ignoring the fact that you’re under constant attack won’t make it stop. It only makes it worse.

There you have it. Information Security Made Easy. With these 5 simple steps, your organization can see significant improvement in its information security posture. Taking the first step is always the hardest. Pick one and give it a try.