Technical controls are security measures built into your computer’s hardware, software, or firmware. Follow these five steps to secure your business online!
Step 1: Access control permission
It is essential to control access to the data in your business. All users must have their own accounts, with access only to the data they need for their roles.
Important rules to follow to control access:
No device should grant access without a username and password being entered.
All user accounts must be personal and not accessible to each other.
Remove access to your business accounts and systems for anyone who leaves.
Administrator accounts should only be used when necessary, such as installing software.
You should regularly review the list of employees with administrator accounts, as some may have changed roles in the company.
Enable multi-factor authentication for all user accounts.
Step 2: Firewalls and Internet portals
A firewall is a layer of protection between your system and the external systems you use. If it finds something that could harm your system, the firewall filters it out before it can do damage.
Follow these essential rules for firewalls:
If you have employees working from home, each of them must have a firewall at home to keep the data they access over the Internet safe.
When putting together firewall passwords, we recommend using a 16-digit password to increase password entropy.
You must have a firewall enabled for all your work equipment.
Step 3: Device configuration
When you receive a new work device or personal device, it is not yet securely configured. In addition, software and applications come pre-installed on the device, and these pose some security risks.
Important rules to follow to configure the device:
You should remove or shut down pre-installed apps and systems that you do not need.
Change all the default passwords for accounts and replace them with robust passwords.
Make sure the password cannot be guessed; you can achieve this by generating a secure password with LastPass or by creating an 8-character password with uppercase and special characters.
The number of failed login attempts must not exceed ten within 5 minutes, which limits anyone who tries to hack your account by trying more than one password in a row.
Disable all automatic downloads and autoplay on all your systems.
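The login-failure rule above (no more than ten failures within 5 minutes) can be enforced with a sliding-window counter per account. The following is an added example, not part of the original article; LoginThrottle, replay and the sample events are hypothetical names and constructed data.

```python
import time
from collections import deque

MAX_FAILURES = 10         # rule above: failures must not exceed ten...
WINDOW_SECONDS = 5 * 60   # ...within 5 minutes


class LoginThrottle:
    """Sliding-window limit on failed logins, per account (hypothetical helper)."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self._failures = {}   # account name -> deque of failure timestamps

    def recent_failures(self, account, now):
        """Count failures still inside the window, discarding expired ones."""
        q = self._failures.get(account)
        if q is None:
            return 0
        while q and now - q[0] >= self.window:
            q.popleft()
        if not q:
            del self._failures[account]   # keep no state for idle accounts
        return len(q)

    def attempt(self, account, password_ok, now=None):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        now = time.monotonic() if now is None else now
        if self.recent_failures(account, now) >= self.max_failures:
            return "locked"   # refused even if the password is correct
        if password_ok:
            self._failures.pop(account, None)   # success clears the counter
            return "ok"
        self._failures.setdefault(account, deque()).append(now)
        return "failed"


def replay(events):
    """Run (seconds, account, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.attempt(acct, ok, now=t) for t, acct, ok in events]


# Constructed sample: 12 wrong guesses 10 s apart, then the correct password
# while still locked (130 s) and after the window has passed (400 s).
SAMPLE = [(i * 10, "alice", False) for i in range(12)]
SAMPLE += [(130, "alice", True), (400, "alice", True)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Attempts made while the account is locked are refused without being recorded, so the lock expires on its own once the oldest failures fall out of the 5-minute window.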
Step 4: Patch management
Another way to protect your organization from security risks is to ensure your software is constantly updated with the latest patches.
Important rules to follow for patch management:
Make sure all operating systems and applications you use are supported by vendors who provide regular fixes for any security issues that may arise.
Use only licensed software.
Review security updates once they are released and install them on your systems as soon as possible.
Remove apps from your devices once the developer no longer supports them.
Step 5: Malware protection
Malware, which includes ransomware, is used to hold company data for ransom or to destroy it. It can also be combined with other attacks, such as phishing, to create more dynamic and focused attacks.
Important rules to follow to protect against malware:
Install anti-malware software.
Once the software is installed, be sure to update it regularly.
Your anti-malware software must have a plug-in that prevents you from accessing any malicious websites that could endanger your security.
Prevent users from installing unsigned applications or applications not approved by the company.
Create a list of approved apps.