Antivirus and antimalware programs
It should go without saying that antivirus and antimalware programs are essential. However, they’re still worth mentioning, as you need to go beyond the absolute basics.
There are lots of antivirus programs out there to choose from, but not all antivirus programs are made equal. NIST 800 outlines some of the minimum standards you should aim for. As the framework is necessary for securing defense contracts, it’s safe to assume that their minimum standards are quite high.
Around 350,000 types of malware are identified every day. That means your defenses against it need to be top-notch. With that statistic in mind, it’s no wonder NIST 800 doesn’t leave anything to chance on the malware front. By using it as inspiration for your own defenses, you could significantly reduce the likelihood of an attack affecting you.
Access control policies
Access control policies identify who can have access to various types of information. They also identify how you can access that information.
When it comes to who can access different types of information, you should only grant access on a need to know basis. If it isn’t necessary for someone to access data for the purpose of their job, they shouldn’t access it at all. Should someone with access move into a different role, you should always review their access to see whether it’s still necessary. Finally, you also need to discuss how you will revoke someone’s access once they’ve left your organization.
As for how you and your employees can access different types of information, pay particularly close attention to mobile devices. Around 87% of businesses depend on Bring Your Own Device (BYOD) policies. If yours is one of them, make sure it’s safe to access various types of data using each device and outline how your employees can do so.