Risk Assessment

Ensure you have effective endpoint, network and email protection that filters out spam, malware and dangerous file types.

Training employees to be suspicious of emails, attachments, websites, and knowing how to prevent malware from infecting their computer and the network.

Consider a patch assessment tool to ensure your operating system and applications are up to date with the latest security fixes. Most exploit kits can be countered by an available patch.

Install software and/or deploy other means to achieve a secure web gateway that can identify and block exploit kits before they infect your systems.

Cyber thieves capture a user’s password and confidential information to allow access to larger network areas that can contain: back-end databases, patient records, and point of sale transactions. Consider segregating your networks with firewalls.

Identify and control the use of removable storage devices. Not only does this prevent malware from getting in, with data loss prevention (DLP), but it can also help stop personally identifiable information (PII) and intellectual property (IP) data from going out.

Deploy a full protection program and encrypt sensitive data stored on servers or removable media for sharing with business partners. Encryption can be the difference between data lost and data secured.

Monitor and restrict, unnecessary software that reduces security without adding any needed benefit. Mobile devices with significant social media and personal apps present increased security risks.

Without policies and direction employees, departments and organizations don't know how to handle cyber situations. Containing a breach requires policies in place. Provide guidance for employees on how to keep personal and company data secure.

If you move to the cloud, make sure that the ability to encrypt the data – both in the cloud and also when being transferred – is on your core requirements list. And how secure is your cloud storage, where is it actually being stored.