Train Employees on Security Practices  

Establish foundational security policies, including strong password requirements and guidelines for internet usage that outline consequences for policy violations. Define protocols for handling and safeguarding customer information and critical data.

Safeguard Information and Networks from Cyber Threats

Maintain clean machines by keeping security software, web browsers, and operating systems up-to-date. Regularly scan for viruses and malware after each update and promptly install any essential software updates.

Implement Firewall Security

A firewall protects your network from unauthorized access. Ensure the operating system’s firewall is activated or install reputable free firewall software. For remote employees, confirm that their home systems are secured with a firewall.

Develop a Mobile Device Action Plan

Mobile devices pose unique security challenges, especially when containing sensitive information or accessing corporate networks. Mandate password protection, data encryption, and the installation of security apps. Establish procedures for reporting lost or stolen devices.

Regularly Back Up Important Data

Consistently back up data from all computers, including documents, spreadsheets, databases, and financial files. Automate backups when possible, or at least conduct them weekly, and store copies offsite or in the cloud.

Control Physical Access to Computers

Limit access to business computers to authorized personnel only. Lock up laptops when not in use, and create individual user accounts for each employee with strong passwords. Grant administrative access only to trusted IT staff and key personnel.

Secure Your Wi-Fi Networks

Ensure that workplace Wi-Fi is secure, encrypted, and hidden. Configure your wireless access point or router to prevent broadcasting the network name (SSID) and protect access with a password.

Follow Best Practices for Payment Cards

Collaborate with banks or payment processors to utilize the most secure and validated tools and anti-fraud services. Isolate payment systems from less secure applications and refrain from using the same computer for payment processing and general browsing.

Restrict Employee Data Access and Software Installation

Limit access to data systems based on employees’ job requirements, ensuring no individual has access to all systems. Prohibit software installation without prior authorization.

Manage Passwords and Authentication

Require employees to create unique passwords and update them every three months. Consider implementing multi-factor authentication, which adds an extra layer of security. Check with vendors that manage sensitive data, particularly financial institutions, for multi-factor authentication options.