All cybersabotage! 6 of the rules of information security

Все на киберсубботник! 6 правил информационной безопасности

Monitor digital hygiene in the office is just as important as a well to do accounting or to wash hands before lunch. With Microsoft built the algorithm of actions to protect against cyber threats.

1. Check the role and powers of the accounts

Power users on the system should not be unlimited. Staff only have access to work programs. And installation of software and control of system files it is better to leave for it professionals. So you protect yourself from situations when the employee launches the malicious file as an administrator and allows him to do everything without restrictions: to infect with viruses, gather information, spy or to use the computer for mining cryptocurrency.

But to distinguish between rights in the system a little. The account that you want from time to time to verify and update. For example, to ensure that new employees do not have access with elevated privileges. To change the settings identified vulnerabilities. And check the accounts of employees who no longer work for a company, they should be deactivated or removed.

Все на киберсубботник! 6 правил информационной безопасности

Alexander Buravlev
Technical Director of the company “Aquarius”.

Periodically contact the professionals for information security audit in your company. So regularly makes most of the major organizations, such as banks. Look at the side helps you to understand what your it staff might have missed when making the changes or settings. The best time to understand the vulnerabilities of security than to deal with damage.

2. Follow password security

Some companies require employees to change passwords every 90 days. But sometimes it can reduce the security level. First, the new access code is often written down in a notebook, notes, phone or leave a sticker with the password on the monitor. Second, often users change only the last digit all the time or alternate between the two the usual password. Access code might need to change if it has been compromised, for example, been found in the merged database. In other cases, to frequently change a password is optional.

Better improve the security requirements for passwords: they must be long and complex, contain different types of data (letters, numbers, signs). In addition, the switch checks the password history to avoid the same sequence of combinations. It would be better to Supplement the password multifactor authentication, e.g., fingerprint scanning or face ID.

3. Update it instructions

Some of the it tasks employees are able to solve themselves. So that users do not go to the sysadmin on every detail, companies are developing wiki‑instructions that explain how to configure email clients to connect to a VPN, take advantage of the office printer and so on. Best of all, these guides work in video format with step-by-step process through the eyes of the user. Employees will do the right thing, and the sysadmin will not die from falling if you will follow the regular update of these instructions. Especially when you have in the business processes or the device.

In addition, update the user with the rules of conduct if you encounter problems and failures. Employees must understand when you should not try to fix everything yourself, and know where to run if the computer is seriously broken. Ensure that the Cribs and it has always been important names and contacts of the responsible system administrators. The easiest way to do it electronically — so you don’t need to give the team a new print.

4. Check the license of working software

Viruses, restriction, useful features, draining your data — some possible consequences of using pirated software from the Internet. You will save money on the purchase of software, but will daily risk their business. To pay a licensed program is much cheaper than fixing all of it‑the office system or to compensate customers whose personal data was leaked because of you.

Keep your employees didn’t download unverified software from the Internet, but instead told you what software they need to solve working problems. Do not forget to check the license expiration date and, if necessary, to extend to the company’s work did not stand up at the most inopportune moment.

Reliable and all the usual business software will help to avoid many problems. It is important that the mechanisms for cyber security was integrated into the product initially. Then, it will be convenient to work and not have to compromise in matters of digital security.

The Microsoft Office 365 includes a number of mining tools for cyber security. For example, protect the account and signing in will not be compromised with the integrated risk assessment model, or passwordless multi-factor authentication that does not need to purchase additional licenses. The service also provides a dynamic access control with risk assessment and taking into account a wide range of conditions. In addition, Office 365 includes built-in automation and data Analytics, and even allows you to control the device and protect data from leakage.

Meet Office 365 closer

5. Remind employees about the importance of cybersecurity

Digital threats are becoming more dangerous, so in any company need to conduct regular it literacy. Arrange for the whole team lessons on cyber security or do periodic newsletter by email. Explain to employees that you cannot leave your computer unlocked when they leave for coffee, or to allow colleagues to work under their account. Tell us about how dangerous it is to store important work files on a personal phone. Give examples of cyber attacks on other companies using social engineering techniques and phishing.

Все на киберсубботник! 6 правил информационной безопасности

Alexander Buravlev
Technical Director of the company “Aquarius”.

Preventive measures is one of the protection strategies that help minimize risks. Speak with the employees about it threats, because the weakest link in the system — the human factor. Be careful with flash drives: do not move files from home onto my work computer, ask partners and colleagues to use file sharing and not the media. Never use was found in the office or somewhere else the stick: they can be virus programs.

Your employees must understand why they couldn’t throw each other work in the social networks or do something to bypass the it systems of the company. Set up feedback find out how your team is satisfied with the tools for working with digital data. If an employee is hard, try to optimize business processes.

6. Timely update ON

In most cases, together with licensed software you will receive free updates. In the new versions, the developers fix bugs, make the interfaces more easy, and eliminate the security holes and block the way for possible leaks.

To update the software requires time and restart the computer. Due to the influx of work your employees may underestimate the importance of updates and months to click “Remind later” in the popup window. Keep your finger on the pulse and avoid such situations: outdated software always makes your business processes more vulnerable. For reliability, enter the final date after which rebooting and installation of updates will happen by force.

Control digital security in the office comfortably with Office 365 from Microsoft. It allows you to automatically notify employees when it’s time to change your password. The package includes not only the usual Word, Excel, PowerPoint and Outlook e-mail, but also software to secure calls, corporate instant messenger, a program for sharing files over a secure network. With the Microsoft ecosystem, your employees will not have to look for workarounds, and download unreliable programs from the Internet.

What else is included in Office 365

Share

Add a Comment

Your email address will not be published. Required fields are marked *