Fall 2015 Issue of Horizons
Safeguard Your Data

Data protection must be company-wide. Think about the various ways in which your company interacts with technology and data, and use these areas to develop policies, procedures and technology solutions. Each of the areas listed on the following page is part of a layered defense approach, so that if any one layer is compromised, the additional controls can still provide protection and detection capabilities.

Physical Environment

Safeguarding your data begins with a secure physical environment. Restrict access to physical areas with sensitive information and monitor who accesses the area. Maintain secure destruction of paper and media, including PC drives, USB drives, servers, copiers, scanners, etc.
Technology Infrastructure

Understand your inventory of hardware, software, and applications so you can recognize something out of the ordinary. Implement web content filtering and automated “threat intelligence” feeds to block outbound access to known malicious sites. Install antivirus and anti-malware protection and update it regularly. Decide who receives mobile devices and set up protocols for how and when they are used. Consistently monitor for malicious or abnormal behavior across the network, applications, and end-user workstations. Finally, establish solid perimeter controls, including firewalls and intrusion detection/prevention systems, and review their rules and alerts regularly.
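To make the “threat intelligence feed” point concrete, here is an added example (not code from the article or from RubinBrown) that checks outbound proxy log lines against a blocklist of domains and IP ranges, the kind of feed a web content filter consumes. Both the feed and the log lines are constructed for this example; the hostnames and addresses are hypothetical, and the log format (timestamp, client IP, method, URL, status) is an assumption. It matches a domain indicator against the host and its subdomains only, so a host that merely contains a listed name elsewhere in it is not flagged.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed threat-intelligence feed (hypothetical indicators, not real ones).
# One indicator per line; '#' starts a comment; domains and CIDR ranges may be mixed.
FEED_TEXT = """
# example-feed v1 (constructed for this example)
bad-updates.example
cdn.malicious-example.net
203.0.113.0/24
"""

# Constructed outbound proxy log: timestamp, client IP, method, URL, status.
PROXY_LOG = """
2015-10-02T08:01:13Z 10.0.5.21 GET http://www.example.org/index.html 200
2015-10-02T08:01:40Z 10.0.5.21 GET http://updates.bad-updates.example/payload.bin 200
2015-10-02T08:02:02Z 10.0.7.9 CONNECT mail.example.com:443 200
2015-10-02T08:02:55Z 10.0.7.9 GET http://203.0.113.77/gate.php 404
2015-10-02T08:03:10Z 10.0.5.30 GET http://cdn.malicious-example.net.example.org/x 200
"""


def parse_feed(text):
    """Split a feed into a set of lower-cased domains and a list of IP networks."""
    domains, networks = set(), []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if not line:
            continue
        try:
            # A bare address or a CIDR range becomes an ip_network object.
            networks.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            # Anything that is not an address is treated as a domain indicator.
            domains.add(line.rstrip("."))
    return domains, networks


def host_matches(host, domains, networks):
    """Return the indicator the host matches, or None.

    A domain indicator matches the host itself and any subdomain of it,
    checked label by label from the right, so "bad.example.org" does not
    match an indicator "bad.example".
    """
    host = host.lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        for net in networks:
            if addr in net:
                return str(net)
        return None
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def find_blocked(log_text, feed_text):
    """Return (timestamp, client, host, indicator) for each log line whose
    destination host matches the feed; these are the requests a filter would block."""
    domains, networks = parse_feed(feed_text)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, client, _method, url, _status = parts[:5]
        # CONNECT lines carry only host:port; give urlsplit a scheme-less URL to parse.
        target = url if "://" in url else "//" + url
        host = urlsplit(target).hostname
        if not host:
            continue
        indicator = host_matches(host, domains, networks)
        if indicator:
            hits.append((ts, client, host, indicator))
    return hits


if __name__ == "__main__":
    for ts, client, host, indicator in find_blocked(PROXY_LOG, FEED_TEXT):
        print(f"{ts} {client} -> {host} matched indicator {indicator}")
```

Run as a script it reports two of the five constructed requests: the subdomain of a listed domain and the address inside the listed range. The last line, whose host only contains a listed name in the middle, is correctly left alone; a naive substring check would have flagged it. In production the feed would be refreshed automatically and the same matching would run inside the proxy or DNS resolver rather than over a log after the fact.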
Cyber Security Health Check

The areas listed below are covered in “The Critical Security Controls for Effective Cyber Defense, Version 5,” found at www.RubinBrown.com/CriticalControls. They include aspects of the National Institute of Standards & Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity and the International Organization for Standardization (ISO) 27000 series, and can be linked to other standards as well.
Data Retention & Secure Destruction
Access & Authentication Controls
Change Management
Data Security
End-Point Protection
Information Security Policies
IT Risk Assessment Process
Logging, Auditing & Monitoring
Mobile Devices
Network Architecture, Design & Implementation
Password Management
Patch Management
Perimeter & Network Segmentation
Recovery, Response & Continuity Plans
Remote Access & Authentication Controls
Third Party Security & Cloud Usage
Vulnerability Management
Wireless Security