This from Check Point Software Technologies and just easy to read, understand and suitable for Small Business.
Below is a quick extract from the article or Click Here for the Full PowerPoint article.
- Common Passwords are Bad Passwords
Passwords are your first line of defense when it comes to security. Cybercriminals trying to break into your network will start their attack by trying the most common passwords. SplashData uncovered the 25 most common passwords and you may not believe what some people are using.
Ensure your users are using long (over 8 characters), complex (include lower case, upper case, numbers and non alpha characters) passwords.
- Secure Every Entrance
All it takes is one open door to allow a cybercriminal to enter your network. Just like you secure your home by locking the front door, the back door and all the windows, think about protecting your network in the same way.
Consider all the ways someone could enter your network, then ensure that only authorized users can do so.
- Segment Your Network
A way to protect your network is to separate your network into zones and protect the zones appropriately. One zone may be for critical work only, where another may be a guest zone where customers can surf the internet, but not access your work network.
Segment your network and place more rigid security requirements where needed.
- Define, Educate and Enforce Policy
Actually HAVE a security policy (many small businesses don’t) and use your Threat Prevention device to its full capacity. Spend some time thinking about what applications you want to allow in your network and what apps you do NOT want to run in your network. Educate your employees on acceptable use of the company network. Make it official. Then enforce it where you can. Monitor for policy violations and excessive bandwidth use.
- Be Socially Aware
Social Media sites are a gold mind for cybercriminals looking to gain information on people, improving their success rate for attacks. Attacks such as phishing, spearphish or social engineering all start with collecting personal data on individuals.
- Encrypt Everything
One data breach could be devastating to your company or your reputation. Protect your data by encrypting sensitive data. And make it easy for your employees to do so.
Ensure encryption is part of your corporate policy.
- Maintain your Network Like Your Car
Your network, and all its connected components, should run like a well oiled machine. Regular maintenance will ensure it continues to roll along at peak performance and hit few speed bumps.
- Cloud Caution
Cloud storage and applications are all the rage. But be cautious. Any content that is moved to the cloud is no longer in your control. And cybercriminals are taking advantage of weaker security of some Cloud providers.
- Don’t Let Everyone Administrate
Laptops can be accessed via user accounts or administrative accounts. Administrative access allows users much more freedom and power on their laptops, but that power moves to the cybercriminal if the administrator account is hacked.
- Address the BYOD Elephant in the Room
Start with creating a Bring-Your-Own-Device policy. Many companies have avoided the topic, but it’s a trend that continues to push forward. Don’t avoid the elephant in the room! It comes back to educating the user.