Security dos and don'ts

Solid security is, in many ways, complicated.

Fortunately, there are a few basics you can follow to tighten up your security right away and get high ROI from your efforts.

Check out our list of security dos and don't below.

Topics below include:

• Cyber liability insurance

• Data backup and disaster recovery

• Hard drive disposal

• Links

• Passwords and logins

• Physical device security

• Software patches

• User access and permissions

Cyber liability insurance

Make sure you're financially covered when disaster hits.

Do

• Make sure you understand the coverage of your cyber liability insurance policy.

Don't

• DON'T wait until you need your policy to make sure you're sufficiently covered.

^ Back to top

Data backup and disaster recovery

Data backup is the backbone of a disaster recovery plan.

Do

• Test your data backups regularly.

Don't

• DON'T assume your backups are working without testing.

^ Back to top

Hard drive disposal

Properly dispose your data storage devices.

Do

• Destroy hard drives before disposing.

• If destroying the drive is not an option (such as when selling a device with unremovable storage), reformat the drive and overwrite the free space.

Don't

• DON'T just throw away your hard drive when you've retired it.

^ Back to top

Links

Links are of the common ways that threatware spreads.

Do

• Think before you click.

• Go directly to the appropriate website rather than click the link.

Don't

• DON'T click a link just because it was sent to you as "URGENT!"

^ Back to top

Passwords and logins

Make sure you're covering the basics of account logins.

Do

• Use password managers.

• Use long, complicated passwords.

• Use multi-factor authentication when possible.

Don't

• DON'T use weak passwords.

• DON'T reuse passwords.

^ Back to top

Physical device security

Local access is a great option for breaches.

Do

• Lock devices when leaving them unattended.

Don't

• DON'T leave devices unlocked when attended.

^ Back to top

Software patches

They're more than pesky pop-up reminders.

Do

• Install software patches as they become available.

Don't

• DON'T ignore software patches.

^ Back to top

User access and permissions

Know who's clicking around where.

Do

• Disable obsolete user accounts.

• Give users access only to the files and directories necessary to fulfill their duties.

Don't

• DON'T leave ghost users on your networks and systems.

• DON'T give users access to all of your data. Use frameworks like the principle of least privilege and zero trust security to limit access.

^ Back to top