In my last post, about cyber threats, I talked about a number of security risks that it’s important to protect yourself against. As a follow-up, here are my five top intrusion prevention tips to protect your company/organization. The points can also help you decide what’s important for your private data.

1. Make sure everyone is aware of the threats. It only takes one employee who is caught off guard, clicks on the wrong link, reveals too much in a conversation or is careless about managing information to end up giving access to unauthorized persons. A clear policy on how to manage information on the work computer, mobile and outside the company network offers good protection.

2. Make sure all IT equipment is kept updated with the latest, most secure version of any software. Also make sure you have an up-to-date and accurate picture of what is on the network, primarily at the interface. And avoid default settings that are not secure, such as default passwords. This applies to work computers, but also to routers, printers, firewalls and the like. Your browser is a particularly vulnerable point, so make sure you protect it too. Work mobiles should also be updated and have the proper settings.

3. Make sure the organization is able to handle incidents – because they will happen. Continual technical monitoring of the network makes it easier to take action when something happens, and to detect and stop attacks as soon as possible. It’s also really important to have an effective incident management process in place, so employees know who to turn to and any incidents are dealt with appropriately.

4. Use a risk analysis to adapt the level of protection to the information in question. If the protection is not strong enough, the hacker will have no trouble accessing the information. But if it’s too strong, users may find the system too fiddly and start taking shortcuts instead.

5. Offer protection against eavesdropping. Organize robust encryption for all types of communication, including voice conversations. And make sure there are meeting rooms available for discussing sensitive information.

Of course these measures require a bit of work, but they’re well worth the effort in the long run.

For the more eager among you who want to get things moving quickly, I’ve got five relatively quick and specific tips to start with while you’re working on the above:

  • Make sure as many systems as possible are updated with the latest software.
  • Make sure you have two-factor authentication for logging in to sensitive data, i.e. strengthen the password with the addition of a dongle or security token, or by requiring access to a physical place or computer, or a text message to a specified mobile.
  • Make sure employees have a good pass code on their mobile, along with security-conscious settings.
  • Make sure employees know who to turn to with their IT security questions and to report incidents.
  • Make sure there’s at least one channel for encrypted communication.