Security Best Practices

Many national and professional organizations have published lists of security best practices. Some of the most helpful guidelines are found in organizational repositories such as the National Institute of Standards and Technology (NIST) Computer Security Resource Center.


  • Perform a risk assessment

Knowing and understanding the value of what you are protecting will help to justify security expenditures.

  • Create a security policy

Create a policy that clearly outlines the organization’s rules, job roles, and the responsibilities and expectations for employees.

  • Physical security measures

Restrict access to networking closets and server locations, as well as fire suppression.

  • Human resources security measures

Background checks should be completed for all employees.

  • Perform and test backups

Back up information regularly and test data recovery from backups.

  • Maintain security patches and updates

Regularly update server, client and network device operating systems and programs.

  • Employ access controls

Configure user roles and privilege levels as well as strong user authentication.

  • Regularly test incident response

Employ an incident response team and test emergency response scenarios.

  • Implement a network monitoring, analytics and management tool

Choose a security monitoring solution that integrates with other technologies.

  • Implement network security devices

Use next-generation routers, firewalls and other security appliances.

  • Implement a comprehensive endpoint security solution

Use enterprise-level antimalware and antivirus software.

  • Educate users

Provide training to employees in security procedures.

One of the most widely known and respected organizations for cybersecurity training is the SANS Institute.

  • Encrypt data

Encrypt all sensitive organizational data, including email.
