6. Internal Financial Process
Have a process in place to approve wire transfers.
You should speak with your bank and find out what options are available. Whatever method you choose (phone call, signature, presenting ID at the bank), make sure that money cannot be wired out of your accounts without some type of two-step process that involves you personally.
In addition, set up alerts on your bank accounts so you are notified when money in excess of a certain amount leaves your account. Isolate any computers that handle financial transactions in your office. These computers should never be used to access email or any part of the Internet (especially social media) other than the required financial sites.
7. Have a process-driven approach to patching and software updates
The most important part of that statement is process-driven! Don’t assume that because you set your computer to “Auto Update” it is actually updating correctly. You must have a process in place where you check your PCs and servers to verify that the updates have actually been applied. These updates are critical to remove security exposures in your operating systems and programs.
8. Remote Access Review and Policy
Have a conversation with your team about remote access to your critical systems.
Do you want everyone to have access? Do you want to allow access at all times of the day? Will you allow users to establish VPN connections from their personal computers? Or just company issued laptops?
There is really no right answer here, but you must understand the risks associated with your remote access policy and be certain that you are comfortable with the policy you have in place.
9. Eliminate Local Administrative Rights
As a business owner, or someone responsible for the health and security of your computer network, you might want to eliminate administrator rights for your staff on their local PCs.
This will prevent users from having the ability to install software, or make changes to security settings. Although this can be a bit of a pain for some of the users, it eliminates a lot of risk!
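Removing admin rights only helps if you can see who still has them. The script below is an added example (not from the original article) that audits the local Administrators group on a Windows PC and flags any member not on an allow-list; the allow-list entries (CONTOSO domain, IT-Helpdesk group) are hypothetical placeholders, and it assumes Windows PowerShell 5.1 or later run with administrative rights.

```powershell
# Added example: audit local Administrators group membership against an allow-list.
# Assumes Windows PowerShell 5.1+ (LocalAccounts module) and an elevated session.

# Hypothetical allow-list; replace with the accounts and groups you actually approve.
$Approved = @(
    "$env:COMPUTERNAME\Administrator",
    "CONTOSO\Domain Admins",
    "CONTOSO\IT-Helpdesk"
)

# Enumerate every principal in the local Administrators group.
$Members = Get-LocalGroupMember -Group 'Administrators'

# Build one report row per member, marking whether it is approved.
# -contains is case-insensitive by default in PowerShell.
$Report = foreach ($m in $Members) {
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Member   = $m.Name
        Type     = $m.ObjectClass       # User or Group
        Source   = $m.PrincipalSource   # Local, ActiveDirectory, AzureAD, ...
        Approved = ($Approved -contains $m.Name)
    }
}

$Report | Format-Table -AutoSize

# Unapproved entries are candidates for removal after review, e.g.
#   Remove-LocalGroupMember -Group 'Administrators' -Member 'CONTOSO\jsmith' -WhatIf
# (the -WhatIf switch shows what would change without changing it).
$Unapproved = @($Report | Where-Object { -not $_.Approved })
if ($Unapproved.Count -gt 0) {
    Write-Warning ("{0} unapproved local administrator(s) on {1}" -f $Unapproved.Count, $env:COMPUTERNAME)
    # Keep a CSV per machine so the results can be collected and compared over time.
    $Unapproved | Export-Csv -Path "$env:COMPUTERNAME-localadmins.csv" -NoTypeInformation
}
```

Run it periodically on each PC (for example from a scheduled task) and review the CSV files centrally, so that admin rights that creep back in are caught rather than assumed gone.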
10. Check your Cyber Security Insurance
Have a conversation with your insurance broker, and make sure you understand what types of coverage you need.
I suggest identifying the greatest types of risk on your network and designing an insurance plan that will mitigate your exposure.
The IT landscape changes very quickly, making it very difficult to defend your network against all cyber-attacks. However, if you address the ten items mentioned above on your network, you will significantly reduce the risk.
Whatever you choose to do, the bottom line is that you need to get serious about protecting your company against cybercrime!