How clean is your business? I’m not talking about whether or not you employ cleaning staff at your office. I’m speaking about your systems and data. About digital hygiene.
You’ve probably heard the term once or twice, usually in the context of cybersecurity. And while security is certainly a major component of your organization’s cyber-hygiene, it’s only one facet. Hygiene is about more than protecting your business’s assets.
It’s about knowing where those assets are, what they do, and why you use them. It’s about making your business operations more organized, capable, and effective in the digital realm. In short, it’s something everyone should be aware of, yet few are.
How to Protect Your Business with Digital Hygiene [Checklist]
Let’s change that. Read this hygiene checklist and see which of these you’re currently doing.
Document Your Infrastructure.
This includes hardware, software, and applications. Through this documentation, you should be able to know at a glance what any system or file is, what it does, why it’s important, and to whom it’s important.
Install a File Management System.
Documenting hardware and applications is fairly simple. Documenting files, not so much. A secure enterprise file sharing and synchronization platform is a wise investment - it will allow you to not only organize sensitive assets for easier access but maintain visibility over them as well.
Keep a Running List of Vulnerabilities.
Awareness and diligence are your best weapons in the war on cyber-crime. Stay cognizant of exploits and attacks.
Enforce Regular Password Updates.
A strong password policy combined with other forms of access control (device-based, biometric, or behavioral authentication, to name a few) is extremely important.
Implement a Comprehensive Patching Process.
And not just for cybersecurity. Software updates are also important for addressing usability and functionality.
Limit Access to Critical Assets.
Whenever you examine an employee’s access permissions, ask yourself if they need those permissions to do their job. If the answer is ‘no,’ they shouldn’t have them.
Sometimes, the unexpected will happen — a system will fail or a hacker will compromise your network. You need to be prepared for that, and automated backups of important files and systems allow you to be.
Utilize a Security Framework. NIST is a good place to start.
Regularly Update Old Infrastructure.
While old hardware isn’t necessarily a security risk, it is a sign of poor cyber hygiene.
Conduct Regular Audits.
Working with both internal and external experts, run checks of the following:
- Corporate-owned Technology. At least annually. This includes everything documented in the first list item.
- Process Reviews. At least bi-annually, but ideally every quarter. Includes acceptable use policies, access policies, crisis management, and so on.
- Risk Assessments. Following NIST standards, conduct quarterly audits of your systems and vulnerabilities, and bring in an expert at least once a year. It’s also advisable to run regular penetration tests, as well.
- Employee Devices. What are your employees using for work? This should be performed quarterly.
Sign Up for Risk Insurance.
That way, if the worst does happen and you suffer a breach, you’ll have a bulwark against the damages.
Ensure You Have Incident Response and Crisis Management Plans in Place.
These plans should include a clear delineation of roles and responsibilities, guidelines for external and internal communication, and the recovery process.
Evaluate All Vendors and Business Partners.
Even if your business is clean, associating with a vendor that doesn’t value data hygiene security can figuratively leave mud on your face. Hold other organizations to the same standards as your own.
So after having read that list, how clean is your organization?
And what do you need to do to make it cleaner?
Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI.
Tim has a demonstrated history of working in the information technology and services industry.