Security Checklist
Published 11/3/22
Lately, we’ve been asked for an easy-to-use summary of best practices for keeping your systems and data secure. Here are our top tips to ensure your organization stays safe.
For employees:
- Protect your accounts with strong passwords and multi-factor authentication (MFA). We recommend passwords that are 12 (or more) characters long and include uppercase and lowercase letters, numbers, and special characters like %. Each website or system should have its own unique password.
- When reading emails, do not rely on your anti-malware system to protect you. Be suspicious of every email, especially if it has attachments or is using urgency to keep you from taking time to verify it.
- Do not use unsecured Wi-Fi hotspots. If you need to connect at your favorite coffee house, verify the name of the hotspot with the staff and make sure the name matches and is spelled correctly. For example, you might see JoesCoffee and JoesCofffee as possible Wi-Fi connections. The misspelled option is a red flag that someone in the area is trying to hack customers.
- If you are working from home, consider upgrading your internet modem/router if it’s over five years old.
- Make sure your anti-malware software is up to date and is set to check all new files coming into your system. It should also be scheduled to do a weekly scan of your entire computer. Work with your system administrator if your anti-malware software needs updating.
- Be especially vigilant for scams during the holiday season.
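
For the Wi-Fi tip above, the comparison between the name the staff gave you and the names your device lists can be automated. The Python below is an added example, not part of the original checklist; the function names, the distance threshold and every hotspot name other than JoesCoffee and JoesCofffee are assumptions made for illustration.

```python
# Added example: flag Wi-Fi names that imitate a trusted hotspot name.
# All hotspot names used with this code are constructed sample data.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

# Characters often swapped or inserted so a name looks right at a glance
# (assumed list, not exhaustive).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "5": "s",
                            "-": "", "_": "", " ": ""})

def normalize(ssid: str) -> str:
    """Fold case and confusable characters before comparing names."""
    return ssid.casefold().translate(CONFUSABLE)

def classify(trusted: str, seen: str, max_distance: int = 2) -> str:
    """Return 'match', 'lookalike' or 'unrelated' for one visible name."""
    if seen == trusted:
        return "match"
    if edit_distance(normalize(trusted), normalize(seen)) <= max_distance:
        return "lookalike"   # close to the trusted name but not identical
    return "unrelated"

def review_hotspots(trusted: str, visible: list[str]) -> dict[str, str]:
    """Classify every visible hotspot name against the staff-confirmed one."""
    return {ssid: classify(trusted, ssid) for ssid in visible}

if __name__ == "__main__":
    # Constructed scan result; "JoesCoffee" is the name confirmed with staff.
    scan = ["JoesCoffee", "JoesCofffee", "J0esCoffee", "LibraryGuest"]
    for name, verdict in review_hotspots("JoesCoffee", scan).items():
        print(f"{name:15} {verdict}")
```

A `match` result only confirms the spelling; it says nothing about who operates the hotspot.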
For system administrators:
- Do not use an administrator account on your system as your primary account. Create a standard-level user account for daily use. Only use an administrator account when you need to install or update software.
- Be very careful with any software you install; it may allow hackers access to your systems. Only use popular software from trusted companies.
- One of the things ransomware does is turn off your backups and delete your backed-up data, so show your data some love by backing it up to at least one external location. If your organization uses programs such as OneDrive or Dropbox, you should have the ability to turn on backup and set mandatory hold times for deleted data.
- Turn on whole-system encryption for operating systems. This protects data if someone removes a hard drive and connects it to another system to break into it.
- Make sure you have up-to-date hardware firewalls in place.