When New Hampshire companies look for ways to bring their budgets in line, one area they cannot afford to diminish is cybersecurity. If anything, they often have to increase their ability to safeguard their most important digital infrastructure as well as protect their clients’ data. New Hampshire Business Review reached out to McLane Middleton in Manchester to glean some of their expertise in this arena.
Q: What are the best practices a company can adopt to keep its remote and hybrid workers secure and connected to the company?
Another primary risk of employees working remotely is the points of access they have to company information.
Strong and unique passwords coupled with multi-factor authentication (MFA) for access to all computers, networks and clouds is a necessity. Additionally, limiting the access to those systems only to company-owned devices is another critical safeguard.
Q: What are the most important aspects a company should focus on in regards to maintaining its cybersecurity?
A: Truly effective cybersecurity requires a comprehensive approach — there are no magic bullets. The first and most important step is to conduct a full risk assessment to identify vulnerabilities and areas of non-compliance, and then create a strategy to mitigate or eliminate them through solutions that fit the budget, culture, and IT and physical infrastructures of the business. Through this comprehensive risk assessment process, an organization can design a cybersecurity program that both best mitigates risk and fits its needs.
1. MFA and unique complex passwords to access all computers, networks and clouds.
2. Advanced threat detection and prevention on all networks and computers.
3. An automatic VPN.
4. MDM for all mobile devices with access to company email or other data.
6. Users not permitted to have administrator privileges.
7. Data encrypted at rest on all laptops and mobile devices, and certain sensitive data encrypted on servers and in clouds.
8. Properly configured network firewalls, and local firewalls deployed on all laptops.
9. Automatic mandatory pushing of patches and updates.
11. Real-time monitoring of and response to security alerts through a security operations center (SOC) and/or security information event management (SIEM) application.
12. Offline backups and cloud-based failover redundancy.
13. Access and activity logging configured robustly.
14. Vendor management through appropriate due diligence and contracts.