SourcetekIT is happy to announce their compliance with the Canadian Centre for Cyber Security’s Baseline Cyber Security Controls for small and medium sized organizations. This practice outlines 13 steps to improve an organization’s resiliency via cyber security investments. Below is a brief description of each step and how SourcetekIT incorporates them into their services.
• Develop an Incident Response Plan
Organizations should have a plan in place to respond to and recover from cyber attacks. This also requires active monitoring of the system to identify breaches as soon as they occur to minimize damage. At SourcetekIT, we provide monitoring 24/7, 365 days a year. When a breach occurs, we immediately contact the client and prepare to respond to the attack with a previously developed plan.
• Automatically Patch Operating Systems and Applications
Instantly responding to vulnerabilities and frequently updating software is necessary for your organization to continuously operate with maximum security. Our proactive monitoring system allows us to identify and treat areas of weakness, including the latest software updates.
• Enable Security Software
All work devices should have anti-virus and anti-malware software downloaded. SourcetekIT offers a full range of аntі-vіrus рrоtесtіоn and firewall ѕоlutіоnѕ with our Network Operations Centre (NOC).
• Securely Configure Devices
All organization devices should have customized settings to remove unnecessary features and enable relevant security features. Organizations should also enforce mandatory password updates frequently for all devices and password protected profiles. We help organizations determine the features necessary for maximum security, and establish practices for monthly password updates across the entire organization.
• Use Strong User Authentication
Organizations should implement multi-factor authentication, enforce password changes if suspicious activity is found, and outline best practices for password creation. We help organizations design custom practices to enforce strong user authentication, and educate the employees on the importance of such activities.
• Provide Employee Awareness Training
Organizations should invest in cyber security awareness for their employees. SourcetekIT provides security awareness and corporate training, which has proven to decrease the amount of attacks caused by internal human error.
• Backup and Encrypt Data
Essential information should be backed up and encrypted with restricted access. We provide recovery and backup solutions with our Network Operations Center (NOC).
• Secure Mobility
Organizations must establish a plan for the use of work information on mobile devices. This includes identifying a list of approved applications, Wi-Fi networks, detailing the separation of personal and work data, and how to encrypt work data on mobile devices. SourcetekIT can develop this plan to satisfy the organization’s unique infrastructure, and educate employees on how to securely access work information on their mobile devices.
• Establish Basic Perimeter Defenses
To defend an internal network from outside intruders, organizations must have a system in place to secure connections. This includes dedicated firewall boundaries, DNS firewall for outbound DNS requests to the internet, and active software firewalls for all devices within the network. By analyzing your network, SourcetekIT can determine the most secure connection practices for your organization, including firewall solutions and best practices for remote workers.
• Secure Cloud and Outsourced IT Services
Before outsourcing IT services, organization’s should educate themselves on how outside providers will handle, access, and store their sensitive information. Furthermore, it is important that cloud service providers comply with the Trust Service Principles. Before selecting a provider, organizations should ensure that their IT infrastructure and end users communicate securely with cloud services and applications. Once the cloud service provider is chosen, organizations should enforce two-factor authentication for all cloud services administrative accounts. SourcetekIT оffеrѕ your соmраnу the full ѕuіtе оf ѕеrvісеѕ nесеѕѕаrу to plan and еxесutе уоur mоvе to the cloud and position уоu tо tаkе full аdvаntаgе оf аll its іmроrtаnt bеnеfіtѕ.
• Secure Websites
Organization’s websites should meet the OWASP (Open Web Application Security Project) ASVS (Application Security Verification Standard) guidelines. These guidelines provide a basis for testing web application technical security controls and outline a list of requirements for secure development. SourcetekIt can perform vulnerability testing on your website and identify steps for improvement. This can further secure your website, bringing it to an acceptable level and effectively reducing your chance of a cyber attack.
• Implement Access Control and Authorization
To minimize the vulnerability of important data, organizations should consider implementing a centralized authorization control system, restricting administrative activities to administrative accounts, and minimize the functionality of accounts to the bare necessities. After analyzing an organization’s system, SourcetekIT can establish a hierarchy of access for departments and employees.
• Secure Portable Media
Organizations should mandate the use of organization-owned secure portable media with strong asset controls and encryption. Additionally, they must have a process to sanitize and destroy this portable media. SourcetekIT can help design and enforce this system.