How to improve IT security as a non-technical leader in your organization
The following 4 IT security measures may not be under your direct control, but you can certainly advocate for them to affect positive change at your workplace
Two-thirds of ransomware entry points are through phishing emails, so actively ensuring that your staff are sufficiently cybersecurity aware is critical. Several excellent solutions exist, but we recommend the ESET Cybersecurity Awareness Training:
Users with local administrator rights have the ability to install malware. Eliminate this risk by granting employees the minimum level of access to do their jobs. Malware can move laterally across your network and gain elevated access to wreak havoc on your systems.
If an attacker is able to obtain an employee’s credentials, such as through a successful phish, two-factor authentication prevents the attacker from gaining access to the victim’s Office 365 account, including emails and contacts.
If you lose your computer, an attacker could extract data from it. Proactively guard against a potentially disastrous data leak by enforcing BitLocker on your workstations. It’s a seamless security inclusion on modern systems.
To deepen your understanding of these IT security measures, plus many more, we recommend that you review the following resource produced by the Canadian Centre for Cyber Security. It’s a comprehensive document which is written to be accessible to a non-technical audience.