9 Ways to Improve Your Company Security for 2022

A big question hitting our inboxes these days is the new questionnaire that insurance companies are asking small businesses to fill out. These questionnaires are not new to Keystone; our larger clients have been required to fill them out for years. Nowadays, these advanced security and policy questions are being asked of all businesses.

Cyber security used to be a “Big Company” problem but now it has become an everyone problem.

What we have done is put together a 9 item checklist of things you can do in your organization to help you meet these requirements, upgrade the security in your organization and be off to the races for 2022.

1. MFA (Multi-Factor Authentication) – At this point in the game you should be running two-factor authentication anywhere you are able. This is by far the easiest thing for you to implement that will have the most impact on your security. You need to be using MFA for:
   – Any remote access
   – Any cloud system
2. Security Training and Phishing – This product is especially important in today’s environment. Users in the organization need to understand the risks that exist in today’s environment. These phishing simulation tools allow you to help your staff understand these risks all in a risk-free environment. This allows them to learn so they are prepared for when the actual attacks come.
3. Geographic restrictions for logins – Where possible you should be restricting your logins based upon locations. Most breaches originate from outside of the United States. Restricting the login to just your country will at least make the hackers have to work harder to get in.
4. Password Management – Using the same password on every site is never a great plan. The chances of that password being compromised are too great. Using password management software allows you to save passwords in encrypted software rather than an Excel Spreadsheet. You can share passwords securely with team members rather than emailing them back and forth.

   Another vital component of password management is going to be Dark Web scanning. you need to be checking the Dark Web against your known passwords and verifying none of them are in use in your organization.

5. Maintenance Patch Management – Keeping your workstations patched is an integral component of network security. There are always exploits or flaws in software that need to be patched. You need to be doing your part to see that these patches are done.
6. Backups – Your systems should be backed up in a secure 3rd party system. These backups need to be daily at a minimum. Ideally multiple recover points per day. This strategy should include backups for your onsite systems as well as backups for your cloud products (Dropbox, Microsoft 365, Google).
7. Policy – This is an important part of your overall security. It sets the stage for the plan you will follow as an organization. Your policy needs to cover many of the items listed here as a form of documentation and accountability.
8. Lifecycle Management – What does this mean? It means replacing your workstations on a regular schedule. Often a new PC or server every 4 to 5 years. Why is this important? Your hardware gets out of date and the manufacturer stops releasing security-related updates for the hardware. Also, it is simply better for your business to replace on a budgeted schedule than to suffer the downtime and hassle of unexpected replacement.
9. Network security – This is the front door to your network, even if you are only using cloud-based files and collaboration. Your internet network needs to be protected from malicious attacks. A network firewall and a secure wireless network are critical to your organization.

Unsure where to start on this list or have other questions? Reach out to Keystone to discuss the next step to get things moving in the right direction.