Make an inventory to assess your risk: If you don’t know what you have, you can’t protect it. Maintain a list of all your hardware: PCs, laptops, mobile phones, routers, and printers. Also include your digital services, like the software you use, bank accounts, and cloud services such as Google Docs and iCloud. This inventory will make it easier to see what could go wrong and where.
Define your security policies: Safety and good leadership go hand in hand. Make sure you communicate to your employees why this is an important topic, why only authorised staff can enter the office, or why they should not use personal laptops or other devices to access work data. If they work remotely, explain why they should be careful when connecting to public Wi-Fi hotspots.
Set up your controls: To ensure that the policies agreed upon are being implemented, it is important to put IT controls in place. A foundational step is to set a unique username and password or passphrase for each employee to access their laptop and the company’s intranet. Set out the protocol that workers should follow in case they encounter any kind of security issue or incident. You should also use security software to protect employees from malware. Finally, consider using encryption to prevent data from being accessed and read by an attacker, and two-factor authentication to provide an extra layer on top of the password.
Test your security policies: With the previous steps taken, your company already benefits from a certain level of protection. But you still need to make sure all steps have been well adopted and that they offer a smooth response in case of an attack. Keep in mind that you need to make sure employees use strong and unique passwords.
Educate: Increasing employee cyber security awareness is a long-term effort. Even well-informed workers might fall for simple phishing emails. An effective security strategy depends on your leadership to inform and educate employees.
Keep testing: Once you’ve been through the previous steps, don’t let your guard down. You need to reevaluate your processes at least once a year, or more often during periods of crisis. Make sure your employees maintain compliance with your guidelines and that all software is up to date to stay safe from known vulnerabilities, and disable or remove the accounts and access of employees who have left the company.