Cyber Smart Week – Practical Security

Getting the basics right

Getting practical security information and guidance shouldn’t be so hard. Unfortunately, sometimes it can feel that way. Yes, there may be times when you will need to bring in specialists to assist your business to meet its security needs, but there are many aspects of security which you can choose to do, even on the leanest of budgets.

A summary of some of the most practical security tips, which you can start today, next week or next month, is provided below.

  • Know your risks: Knowing how to identify and handle the security and privacy risks your organisation faces is essential to understanding how best to allocate the time, effort and funds needed for managing them.
  • Be responsible: Secure and private services are something your customers (and staff/volunteers) have a right to expect, so don’t let them down. Everyone in your organisation has a responsibility to keep information protected, and they need appropriate guidance on what that means for your specific business, as well as information security leaders to go to for advice when things fall outside the norm.
  • Play by the rules: Your organisation needs to know about any specific legislation or standards which may impact or change how it does business, e.g. The Privacy Act, Human Rights Act, PCI Security Standards.
  • Coping with incidents: Whether your organisation has an incident management process in place can have a significant impact on how incidents are handled. If you don’t already have one, create a simple process today and build from it over time to work out the procedures for specific incident scenarios when they occur (e.g. malware incident, privacy breach or lost computing equipment).
  • Protecting your core information: The information your service/organisation holds is fundamental to the continuity of your business, and there are many measures you can combine to help protect it, including:
    • Using long passphrases for each access account – the longer the better.
    • Using multi-factor authentication where you can – like using an online code or an installed app/token on a secondary device.
    • Ensuring that people may only access the information they need for their role, for the time they are working for you.
    • Keeping the operating systems, software and anti-virus on all your computing devices up to date, no matter what systems you run.
    • Turning on encryption on your computers and mobile phones where available.
  • Backup or roll the dice: How could your organisation continue to function if it lost its core information? The answer to this question will dictate how much importance your business will place on where its information is stored, how it is protected, and how often it is backed up. This will define the needs for any systems or services your organisation relies on, and feed into a backup and restoration plan for your business’s core information.

Practical Security Basics Topic: Links to Internet resources

Know your risks
  • https://www.ict.govt.nz/guidance-and-resources/information-management/privacy-and-security/

Be responsible
  • https://www.netsafe.org.nz/acceptable-use-policies-for-staff/
  • https://www.privacy.org.nz/privacy-for-agencies/your-obligations/
  • http://www.ssc.govt.nz/integrityandconduct

Play by the rules
  • http://legislation.govt.nz/
  • https://www.privacy.org.nz/
  • https://www.pcisecuritystandards.org/

Coping with incidents
  • https://www.cert.govt.nz/
  • https://www.netsafe.org.nz/aboutnetsafe/
  • https://www.sans.org/score/incident-forms
  • https://www.ncsc.govt.nz/resources/

Backup or roll the dice
  • https://technet.microsoft.com/en-us/library/cc940364.aspx
  • https://cloudsecurityalliance.org/
  • https://www.ict.govt.nz/guidance-and-resources/information-management/privacy-and-security/
  • https://cloudcode.nz/
  • https://www.netsafe.org.nz/preventingaransomwareincident/