The pandemic increased our reliance on the digital tools we use to work, meet and carry on daily life. That larger attack surface introduced new vulnerabilities, but what hasn’t changed are your clients’ and employees’ expectations about the privacy of their data. Now is the perfect time to ensure you and your third-party partners meet “reasonable security procedures and practices.”
That vague phrase is used in laws like the California Consumer Privacy Act (CCPA), and understandably you may be wondering what exactly it means. Fortunately, SecureTheVillage, an organization whose leadership council includes our CEO Matt Mayo, has stepped in to fill the void with a 9-point list detailing the minimum reasonable information security practices all responsible IT service providers should follow.
The highly detailed, technical guidelines are packed with useful and actionable advice for any organization that’s looking to take security up a notch and proactively stop cybercrime. Using the guide, we pulled out 11 actions you should prioritize right now.
1. ‘SecureTheHuman’ and get your employees to stop clicking
Develop a workplace of knowledgeable employees who recognize phishing, avoid malicious links and actively help prevent cyberattacks. Unless you “SecureTheHuman” and teach people what not to click, they will keep causing cyber incidents by accident.
2. Plan for the worst
Create an Incident Response Plan and a Business Continuity Plan, then walk through both with your staff so everyone knows what each plan entails and what their responsibilities are during an emergency. A plan nobody has rehearsed will not hold up on the day it is needed.
3. Lock down your network security
Require a Virtual Private Network (VPN) with two-factor authentication for all remote access to the network. It is a simple way to secure that access and keep cybercriminals out; a password alone is not enough.
4. Enforce password best practices
Require passwords of at least 15 characters that contain a mix of upper- and lower-case letters, numbers and special characters.
5. Track activity
Log all IT staff activity at the individual (not shared) account level so each entry records the user, the event, the time of the event, success or failure, where the event originated, and the data and systems affected. Store the logs securely, protected from alteration, for at least 1 year.
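To make the requirement concrete, here is an added Python example (not code from SecureTheVillage or the original article) of an audit record carrying exactly the fields listed above, chained to its predecessor with a SHA-256 hash so that alteration of a stored entry is detectable, plus a retention helper that only ever flags records older than 365 days. The sample log entries are constructed; the field names and the hash-chain approach are this example's assumptions, not part of the guideline.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 365  # the guideline's minimum of one year

# Every record must carry the fields the guideline lists.
REQUIRED_FIELDS = ("user", "event", "timestamp", "outcome", "origin", "target")
GENESIS_HASH = "0" * 64  # prev_hash of the very first record


def record_hash(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding so the hash is reproducible."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def make_record(user, event, outcome, origin, target, timestamp, prev_hash):
    """Build one audit record; prev_hash chains it to the record before it."""
    if outcome not in ("success", "failure"):
        raise ValueError("outcome must be 'success' or 'failure'")
    return {
        "user": user,        # individual account, never a shared one
        "event": event,      # what was done, e.g. "sudo", "login"
        "timestamp": timestamp.astimezone(timezone.utc).isoformat(),
        "outcome": outcome,  # "success" or "failure"
        "origin": origin,    # where it came from: IP, host or console
        "target": target,    # data and systems affected
        "prev_hash": prev_hash,
    }


def append(log: list, **fields) -> dict:
    """Append a record linked to the hash of the current last record."""
    prev = record_hash(log[-1]) if log else GENESIS_HASH
    rec = make_record(prev_hash=prev, **fields)
    log.append(rec)
    return rec


def verify_chain(log: list) -> bool:
    """True if every record has the required fields and chains to its predecessor."""
    for i, rec in enumerate(log):
        if any(f not in rec for f in REQUIRED_FIELDS):
            return False
        if i > 0 and rec["prev_hash"] != record_hash(log[i - 1]):
            return False
    return True


def expired(log: list, now: datetime) -> list:
    """Records older than the retention period, i.e. the only ones eligible for deletion."""
    cutoff = now - timedelta(days=RETENTION_DAYS)
    return [r for r in log if datetime.fromisoformat(r["timestamp"]) < cutoff]


def build_sample_log() -> list:
    """Constructed sample entries for demonstration; not real events."""
    log = []
    t0 = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
    append(log, user="jdoe", event="sudo", outcome="success",
           origin="10.0.0.5", target="db01", timestamp=t0)
    append(log, user="asmith", event="login", outcome="failure",
           origin="203.0.113.7", target="vpn-gw", timestamp=t0 + timedelta(days=200))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", verify_chain(log))
    log[0]["outcome"] = "failure"  # simulate someone editing a stored record
    print("chain intact after tampering:", verify_chain(log))
```

Because each entry commits to the hash of the one before it, changing or deleting a record in the middle breaks verification of every later entry; dropping only the oldest records past the retention cutoff leaves the remaining chain verifiable. In practice the log should also be shipped to a system the IT staff being logged cannot write to.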
6. Review admin access
Every 90 days, review who has administrative access to your IT networks and remove any access that is no longer needed.
7. Evaluate third-party vendors
You’re dependent on the security of your third-party partners, including your managed service provider, to prevent breaches. Protect yourself by setting policies for them, controlling what information they receive and restricting who can access your data.
8. Control access with policies
Define who may access sensitive information and restrict it to the people who absolutely need to know.
9. Identify experts you can call for help
SecureTheVillage recommends having access to a Certified Information Systems Security Professional (CISSP). These experts pass rigorous exams and participate in continuing education, making them valuable resources who can help your organization implement measures to stop cybercrime.
10. Stay informed about the latest threats
To prevent attacks, you need to know what you’re up against. Every month, we share some of our insights and practical advice for improving security in a free newsletter. You can sign up here.
11. Start a conversation with your IT provider
Ask your managed IT provider to review SecureTheVillage’s 9-point checklist, then ask how many of the policies they comply with internally and which they apply to their clients. Your IT partner should be able to give you the same answer we give our clients: the guidelines form the basis of the policies we adopt internally and for our clients.
You Could Be Breached if You Ignore These Standards
Familiarize yourself with the minimum standards so you can hold your managed security partners responsible. Your ability to obtain and keep cyber insurance and maintain compliance depends on following the 9 standards.
Hold Your IT Provider Accountable for your Cybersecurity
If your IT provider isn’t meeting the bare minimum internally and doesn’t implement the same level of security for you, you’re at risk. You shouldn’t be blindsided by an attack. Our credentialed experts, including a CISSP, are here to help. An assessment will show you how to address existing vulnerabilities and enable you to hold your provider accountable. Contact us to get started today.