The best place to start is by understanding how to budget for cyber security.
Use this checklist as a starting point and contact Ontech’s support team online or call us at (262) 522-8560 with questions.
1) Maintain Compliance
The first step in budgeting for cyber security is determining whether your organization needs to be in compliance with a regulatory authority, as this will mandate certain cyber security practices.
HIPAA: Healthcare is one of the most frequently breached industries. HIPAA regulations are in place to ensure this sensitive data remains secure.
If you need to maintain HIPAA compliance, there is a set of guidelines your organization needs to adhere to.
PCI: If your business stores, processes or transmits payment card data, you may need to adhere to PCI compliance regulations.
OTHER: There are additional regulatory compliance guidelines for businesses in financial services, government, and manufacturing industries (to name a few). Step 1 when budgeting for cyber security is determining if regulatory compliance is required within your organization.
If you are unsure of the extent it means to be regulatory compliant, contact us or call our support team at (262) 522-8560 with questions.
2) Conduct Annual Security Assessments
Cyber security assessments are absolutely key to identifying weak spots within your network. A basic understanding of cyber security is not enough. At Ontech Systems, we recommend conducting security assessments annually, or at minimum, once every other year.
It’s best to conduct a security assessment before you begin budgeting for cyber security so you can determine the areas of weakness and develop a plan to close those security gaps. Contact Ontech to schedule your security assessment and kick off your cyber security budget.
3) Install Antivirus on All Devices
Antivirus, sometimes known as anti-malware, is a type of software used to prevent against, detect, and remove malicious software from a device.
It is very important to constantly update your antivirus software on all devices in your network – including servers, because these updates contain the latest files needed to keep new viruses at bay. (For a worry-free approach to antivirus software, managed services can take care of this for you automatically.)
4) Regularly Patch All Devices
Patches go hand-in-hand with antivirus software. And the reality is, a network without regular security patches is an open invitation to cyber criminals to exploit the flawed device.
Since individually patching each and every device in your network would be tedious, consider integrating managed services into your budget, which would ensure all devices are automatically patched and up to date.
Not convinced patches are necessary?
In recent months, the WannaCry ransomware attack, which many people thought to be the largest ransomware attack in internet history, attacked 200,000 computers before it was stopped. Some of the hardest hit networks were hospitals which resulted in the loss of patient care due to the inability to access computers.
A few weeks prior to the incident, Microsoft had actually issued a patch for the issue that led to the event, but because many users didn’t install the patch or opted out of automatic updates, this particular exploit caught like wildfire and negatively impacted thousands of people.
If your organization is still running unsupported versions of Microsoft Windows (like Windows XP or Windows Server 2003), consider this a cautionary tale – the time to update is now.
5) Schedule Regular Maintenance Visits
Regular maintenance visits are a worthwhile addition to your cyber security budget for a variety of reasons. For starters, they are part of a proactive approach toward network security, as opposed to break/fix– which many companies are now getting away from. With regular office visits, your tech can become familiar with your network and quickly spot when something is out of the ordinary.
A qualified IT technician can make sure your company password policy is up to par and if you’re not utilizing managed services for patches and antivirus software, they can verify everything is up to date and confirm your data backup is functional (which is absolutely critical).
6) Educate Staff about Cyber Security
The #1 security risk for your organization? Your users.
At times, companies take active steps toward heightened security by investing in managed services, mobile device management and data backup, but if your users are not educated on cyber security – they are the weakest link – which presents a huge security risk.
Within your cyber security budget, allow adequate time for:
- Developing a security policy
- Engaging in employee education
- Defining a plan that enforces security policies
Get employees engaged by asking them to test their knowledge by taking security quizzes.
Phishing emails are becoming increasingly difficult to detect, so educating employees on how to recognize a phishing email can significantly boost your efforts toward user education when it comes to security. (If you need assistance educating users about the cyber risks they might encounter, along with common cyber security mistakes, contact us, we can help.)
7) Employ Data Backup and Disaster Recovery
Did you know that 60% of backups are incomplete and 50% of restores fail? When was the last time you actually tested your backup? Although data backup and disaster recovery isn’t directly related to cyber security, having a functional backup is critical in the event of a man-made or natural disaster.
And considering that ALL tape backups fail at some point in time, be sure to budget for a good data backup system and allow adequate time for disaster recovering planning.