To protect your accounts, data and devices, security controls are essential. A password is a simple example of a technical security control, you can also have physical security controls, such as locks on doors. Controls can also be procedural like policies that inform staff what they can and can't do and also to provide security awareness training.
The more controls you add, the harder it is for attackers to access your data. But, you can also have too many security controls which might stop you from being productive, so you must strike a balance that works for you and your business.
Some examples of security controls are:
- Enabling automatic updates for Windows, Mac and other devices
- You also need to ensure you update as soon as you can to be sure you are protected against known threats
- Password Manager
- To provide long, complex and unique passwords for all your accounts
- Using Two Factor Authentication
- Enabling 2FA where available to protect your accounts
- Data Backups
- Ensure you are backing up your data and that you know how to recover from either a security incident such as ransomware or a physical failure of a device that is used to store data such as a computer.
- Using a VPN
- When using public Wifi as it may not be secure. You can also use 4G / 5G data instead of Wifi
- Using Windows Defender
- Check if any updates are available
- You can also use a 3rd party Anti-Virus / Anti-Malware product and ensure it is updated automatically
- Secure Storage
- Use locked cabinets, drawers, doors, etc. to store sensitive documentation or to store devices when not required
- Use a good cross shredder when destroying documents
That's by no means a complete list of 'risks' or controls, but it's a start.
• Passwords & More • Defend the Network • Data Backups
Your data and your identity is what the hackers want, even if you think you're not a target, you are.