It’s true. Technology is always changing. Sometimes, technology changes in small, incremental ways, and at other times, it makes big shifts in what can seem like the blink of an eye. With technology in a constant state of change, it can be difficult for businesses to know they’re doing what’s necessary to ensure they’re properly secured. So, what do businesses need to know about information technology and security? Today, I’m covering a few IT security best practices that any business — small, medium or enterprise — can benefit from integrating into their technology landscape.
Let’s get started ...
IT Security Best Practices
Implement (and Enforce) a Strong Password Policy
Keeping passwords up to best practices takes mere moments, but can end up saving businesses a lot of trouble. It’s important to specifically outline password requirements in your IT policy so employees know what expectations their passwords should meet. For starters, business passwords should:
- Be at least eight characters
- Combine upper and lowercase letters, numbers and special characters
- Include a unique password for network access that is not used elsewhere
- Be changed every 90 days
- Be kept private
If passwords need to be used for longer periods than 90 days, increase their length and complexity.
Use Automatic Screen Lock
Unattended workstations can leave company and client data vulnerable. Using automatic screen lock ensures that devices left idle are not vulnerable to prying eyes. For a best practice, we recommend setting all workstation and mobile devices to lock screens after 10 minutes of inactivity. Consider applying the same policy to webpage idle timeouts, too.
Install Equipment Tracking
Who’s keeping track of all of your company-owned devices? For too many businesses, the answer is no one. Company and client data resides within many pieces of equipment, including servers, workstations, mobile devices, thumb drives, backup/replication systems and cloud locations. Limit device access only to individuals who require access, and use inventory tags to help track company-owned devices.
Use tools that allow for the secure sending and receiving of secure files. This includes enforcing tools that automatically scan for sensitive data. All personnel should be educated on using the portal or encrypted email solution for any file containing confidential data. Use automatic encryptions whenever possible, but train users to understand this is not a given.
Minimize Administrator Privilege Use
Allowing workstations to run with local administrator credentials exposes systems to many security threats and can lead to an entire network infection. Do not work regularly on a workstation with Administrator access. General/daily use accounts should not be Administrator accounts. Instead, Administrator accounts should be separate and utilized for admin-specific purposes.
Keeping Your Company Safe and Secure
When it comes to keeping your company safe and secure, this is really just the tip of the iceberg. We’ve put together a simple, accessible IT security best practices checklist outlining 21 tips and recommendations for keeping your business secure. If you’d like to learn more about how to keep your business safe, get in touch with a Marco rep to learn more about business security.