Get an overview of the latest IT security guidelines and regulations for Washington
Washington is one of the hardest-hit states when it comes to cybercrime. According to the FBI’s 2019 Internet Crime Report, it was in the top ten for the number of victims. For example, the state had 254.1 victims for every 100,000 people. That’s why the Washington State government technology service agency, WaTech, has outlined cybersecurity guidelines and requirements for organizations throughout the state.
The following list includes steps you can take to create a layered security approach at your business. WaTech requires any organization receiving state funds from Washington to comply with these rules and recommends them as guidelines for other businesses.
Steps to Create a Layered Approach to Cybersecurity
Begin Classifying Data
The type of data your organization collects will dictate your approach to cybersecurity. Classify your data as public, sensitive, confidential, or special handling.
Create a Hardware/Software Replacement Policy
If the manufacturer no longer supports your hardware or software, it doesn’t receive crucial updates and security patches. That’s why you need to create a policy that states how often you will replace these items, so that replacement happens before they fail or reach end of support.
Manage Your Firewall
Your firewall is the first line of defense against hackers and needs to be licensed and active with the manufacturer. You’ll also want to use a next-gen firewall with intrusion detection, intrusion prevention, gateway blocking of malware and spyware, and geo IP blocking technology.
Create a Policy for Security Patch Management
You need to ensure that as updates and security patches are released, they are being deployed on your devices. Create a policy that outlines who is in charge of this process and how it works.
Verify User Access
In your organization, you need to verify that any user logging into your systems is who they say they are. You can accomplish identity management using four categories: unique user IDs, multi-factor authentication, a password policy, and auto screen locking after ten minutes.
Data encryption is essential. Your data needs to be encrypted both in transit and at rest. Don’t forget to encrypt portable media, such as thumb drives, and email.
Wireless networks are a prime way that criminals access your systems. Ensure that you use a minimum of WPA2 or WPA2 Enterprise passphrases on all wireless networks that you allow to access the internet. Also, you should set up three separate networks: one for IT, one for staff, and one for guests.
Install Anti-Virus, Anti-Spyware & Anti-Ransomware Protection
Even with a next-gen firewall, your organization still needs anti-virus, anti-spyware, and anti-ransomware solutions. These solutions are a critical layer in your security framework and should have detection, prevention, and recovery controls.
Use Mobile Device Management (MDM) Software
Every endpoint at your company needs to be secure, including mobile devices such as laptops or smartphones. Use an MDM solution that gives you the ability to lock the device, remotely wipe any data, and encrypt data.
In conclusion, by using these tips and others mentioned in the webinar above, you will be able to protect your company better and comply with Washington security guidelines or requirements.