What is step one to put security policies in place? What kind of free or paid resources should you turn to? Hear from our CTO, Daniel Bondurant, and security experts as they discuss security best practices. Below are a few key actions we took away from the AICP Security Panel.
1. Make an onboarding and offboarding checklist
When you hire someone, or when an employee leaves or is terminated, have a checklist so you know what to do when new hires start, what access they have to systems, and what to remove if and when they leave. Whatever you are doing now, document it, follow it, and see where there are holes.
2. Segment your network
This is easy to do if you have a high-quality WiFi router. Make sure people can’t see folders they are not supposed to see.
3. Hold Information Security Training
Set an hour aside to run through an information security training and get your staff up and running. Get them thinking from a more defensive point of view.
4. Engage key and longstanding stakeholders in the company
None of these policies are going to work if you don’t have buy-in from everyone in the company.
5. Check out standards within your industry
Commercials do not have easily defined standards to go by. Film has the MPAA, which defines standards, so that may be a place to start: Fightfilmtheft.org
6. Explore free resources to start
The SANS Institute has a top 20 list of security control policies and offers free resources. CISecurity.org (Center for Internet Security Controls) is endorsed by California. CIS also has a top 5 list to make it easiest.
7. Never send user names and passwords in the same email
Send the username by email and the password by text so that anyone intercepting your email cannot find both. This is a very easy way to do two-factor authentication (2FA).
8. Know how to encrypt files
Encrypting a .pdf is very easy. The shortcut on a Mac is very simple: hold down the Option key, hit “Save As” and select the checkbox for “Encrypted”. On Windows, you can use a .zip file with a password.
9. Remember to prune your servers and schedule time throughout the year
Companies forget to prune their servers or put it off. There are companies that use a server for 20 years, and people don’t throw away files. One of your policies should be to go through your servers periodically, archive files and remove them from the server. It is a liability to have old files sitting there, especially if they are no longer pertinent.
10. Understand that security is a cycle, not a straight line
There is no point at which you can say, “I’m secure now.” It is a cycle that continues for the life of the company.