Security for 2025
The responsibility for IT security now rests entirely on your organization. Unlike utilities such as electricity or telecom, IT is not heavily regulated. As reliance on technology grows, organizations must be prepared to invest more in security.
At Electric Software, we adapt to meet the changing needs of our clients. In 2025, we will place an even greater emphasis on security and compliance. While we aim to reduce costs where possible, every client should expect increased IT spending based on:
1. The sensitivity of your data and compliance requirements.
2. The importance of your data to your operations.
3. The number of users needing secure access.
4. The number and type of systems requiring safeguards.
5. The potential cost of a critical security incident.
We've spent the past two years researching and consulting with security experts to develop comprehensive solutions. Moving forward, we'll focus on:
• Keeping Electric Software safe.
• Protecting client data and operations.
• Keeping Electric Software fully operational so we can continue to provide the services our clients depend on. We will therefore take steps to limit our exposure when clients choose not to follow our recommendations.
Standard Safeguard Checklist
Essential Security Measures
A comprehensive safeguard checklist is crucial for maintaining robust security practices. This checklist covers key areas that organizations should address to protect their digital assets and sensitive information.
Regular Review and Updates
The standard safeguard checklist should be regularly reviewed and updated to ensure it remains effective against evolving cyber threats. It serves as a foundation for implementing and maintaining a strong security posture across the organization.
Comprehensive Safeguard Checklist
Protecting Your Data in the Cloud
  • Control who can see and share files.
  • Regularly check where files are stored and who is accessing them.
  • Get alerts if large amounts of data are downloaded or shared in places they shouldn't be.
Protecting Your Data on Devices
  • Encrypt the storage on all computers so that data on a lost or stolen device stays unreadable.
  • Watch for unusual activity, like someone accessing sensitive files without permission.
  • Block or track the use of USB drives to prevent unauthorized data transfers.
Managing Passwords
1
Use Password Manager
Use Keeper or other company-approved password manager to store and manage passwords securely.
2
Prevent Browser Password Saving
Stop employees from saving passwords in their browsers, like Chrome or Edge.
3
Educate on Strong Passwords
Teach employees how to create strong passwords and why it's important not to reuse them.
4
Implement Secure Login Options
Set up secure, password-free options like facial recognition or phone-based codes.
5
Require Two-Step Verification
Require multi-factor authentication (MFA, often called two-step verification) for all logins, so a stolen password alone is not enough to sign in.
6
Restrict Login Access
Only allow logins from approved devices and locations.
Securing Cloud Accounts
1
Keep Settings Updated
Keep your Microsoft 365 or Google Workspace security settings updated for the best protection.
2
Set Up Alerts
Set up alerts for suspicious activities, like mass deletions or unauthorized sharing of files.
3
Enable Scanning Tools
Enable tools that scan for and stop cyberattacks before they do damage.
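The alerting described above (large downloads, mass deletions, files shared outside the organization) comes down to a few rules run over the cloud audit log. The script below is an added illustration written for this page, not Electric Software's tooling or anything from Microsoft or Google; the event fields, the sample events and the thresholds are all assumptions, and the sample data is constructed, but the per-user sliding-window logic is the same one a real alert rule would use.

```python
"""Alert rules over cloud audit-log events (illustrative, added example).

Assumptions: each event is a dict with "time" (ISO 8601), "user", "action"
(download / share / delete), "object", and either "bytes" (downloads) or
"target" (shares). Real Microsoft 365 / Google Workspace audit logs carry
more fields, but the same three rules apply.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    # Normal daytime activity: small download, share to a colleague.
    {"time": "2025-01-06T09:00:00", "user": "alice@example.org", "action": "download",
     "object": "q1-budget.xlsx", "bytes": 2_000_000},
    {"time": "2025-01-06T09:05:00", "user": "alice@example.org", "action": "share",
     "object": "q1-budget.xlsx", "target": "bob@example.org"},
    # A sensitive file shared to a personal mailbox outside the organization.
    {"time": "2025-01-06T09:20:00", "user": "alice@example.org", "action": "share",
     "object": "payroll.csv", "target": "someone@gmail.com"},
    # Bulk download burst: 10 x 60 MB within ten minutes.
    *[{"time": f"2025-01-06T11:{m:02d}:00", "user": "bob@example.org", "action": "download",
       "object": f"hr/file{m}.pdf", "bytes": 60_000_000} for m in range(10)],
    # Mass deletion: 60 files deleted within one minute.
    *[{"time": f"2025-01-06T14:00:{s:02d}", "user": "carol@example.org", "action": "delete",
       "object": f"shared/doc{s}.docx"} for s in range(60)],
    # Slow cleanup spread over six hours: should NOT alert.
    *[{"time": f"2025-01-06T{15 + h:02d}:00:00", "user": "dave@example.org", "action": "delete",
       "object": f"old/doc{h}.docx"} for h in range(6)],
]

# Thresholds are assumptions; tune them to the organization's normal activity.
ALLOWED_DOMAINS = {"example.org"}
DOWNLOAD_BYTES_LIMIT = 500 * 1024 * 1024   # per user, per window
DELETE_COUNT_LIMIT = 50                    # per user, per window
WINDOW = timedelta(minutes=15)


def external_share_alerts(events, allowed_domains=ALLOWED_DOMAINS):
    """One alert per share whose recipient domain is not on the allow list."""
    alerts = []
    for e in events:
        if e["action"] != "share":
            continue
        domain = e["target"].rsplit("@", 1)[-1].lower()
        if domain not in allowed_domains:
            alerts.append({"rule": "external_share", "user": e["user"],
                           "at": e["time"], "object": e["object"], "target": e["target"]})
    return alerts


def window_alerts(events, action, limit, window, weight):
    """Per-user sliding-window threshold over events of one action type.

    weight(e) is what each event contributes: bytes for downloads, 1 for
    deletions. An alert fires once per user when the running total inside
    the window first exceeds the limit.
    """
    recent = defaultdict(deque)   # user -> (time, weight) inside the window
    running = defaultdict(int)
    alerted = set()
    alerts = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["action"] != action:
            continue
        user, t, w = e["user"], datetime.fromisoformat(e["time"]), weight(e)
        recent[user].append((t, w))
        running[user] += w
        # Drop events that have aged out of the window.
        while recent[user] and t - recent[user][0][0] > window:
            _, old = recent[user].popleft()
            running[user] -= old
        if running[user] > limit and user not in alerted:
            alerted.add(user)
            alerts.append({"rule": f"mass_{action}", "user": user,
                           "at": e["time"], "total": running[user]})
    return alerts


def detect(events, allowed_domains=ALLOWED_DOMAINS):
    """Run all three rules and return the combined list of alerts."""
    return (external_share_alerts(events, allowed_domains)
            + window_alerts(events, "download", DOWNLOAD_BYTES_LIMIT, WINDOW, lambda e: e["bytes"])
            + window_alerts(events, "delete", DELETE_COUNT_LIMIT, WINDOW, lambda e: 1))


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample the script raises exactly three alerts: the external share by alice, the download burst by bob (firing on the ninth 60 MB file, when the 15-minute total passes 500 MB), and carol's mass deletion (firing on the 51st delete). Dave's six deletions spread across six hours never accumulate inside one window, which is the point of the sliding window: it separates a burst from ordinary housekeeping.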
Protecting Emails
1
Monitor Email Activity
Monitor email activity to spot potential data leaks or unusual behavior.
2
Block Spam and Phishing
Block spam and phishing emails from reaching employees.
3
Encrypt Sensitive Information
Automatically encrypt emails with sensitive information or provide a secure link for sharing files.
Securing Mobile Devices
1
Use Mobile Device Management (MDM)
Use Mobile Device Management (MDM) to separate personal and work data on employee devices.
2
Set Remote Lock and Wipe Rules
Set rules to remotely lock or wipe work data if a device is lost or compromised.
3
Consider Company-Owned Devices
Consider providing secure, company-owned devices for employees accessing sensitive data.
Testing for Weak Spots
1
Regular Penetration Testing
Schedule regular penetration testing to find and fix potential weaknesses in your systems.
2
Prioritize Testing
Prioritize testing for cloud accounts, servers, networks, and any apps handling sensitive data.
3
Vulnerability Scans
Regularly run scans for vulnerabilities and fix them promptly.
Protecting Computers and Devices
1
Use Managed EDR Tools
Use managed Endpoint Detection and Response (EDR) tools to quickly spot and stop threats.
2
Install Antivirus and Anti-malware
Install antivirus and anti-malware software on all devices.
3
Keep Devices Updated
Keep all devices up to date with the latest patches and security updates.
4
Respond to Ransomware
Watch for and respond to ransomware attempts automatically.
Cybersecurity Awareness
1
Annual Training
Provide annual training for employees to spot scams and phishing attempts.
2
Practice Simulations
Run practice phishing simulations to improve awareness.
3
Tailored Training
Tailor training to your industry, such as focusing on CIPA (Children's Internet Protection Act) compliance for schools or PCI DSS (Payment Card Industry Data Security Standard) for businesses.
Staying Compliant
1
Create Policies
Create and maintain written policies to meet legal and industry requirements (e.g., CIPA, HIPAA, PCI DSS).
2
Schedule Reviews
Schedule regular compliance reviews and updates.
3
Plan for Breaches
Have a plan in place for responding to breaches and notifying affected parties.
Preparing for Disasters
1
Test Disaster Recovery Plan
Test your disaster recovery plan to ensure you can recover lost data quickly.
2
Back Up Important Files
Back up all important files, including emails, cloud drives, and servers.
3
Keep Separate Backup Copy
Keep a separate copy of backups, offline or otherwise unreachable from your normal systems, so that an emergency like a ransomware attack cannot encrypt or delete the backups along with the originals.
Securing Your Network
1
Regular Network Scanning
Scan your network regularly for weaknesses.
2
Firewalls and Content Filters
Use firewalls and content filters to block dangerous websites and activities.
3
DNS Protection
Protect your DNS (the address book of the internet) to prevent hackers from redirecting traffic.
Reducing Risks
1
Test Systems
Test your systems regularly to ensure they're secure.
2
Cyber Insurance
Keep cyber insurance up to date to cover potential losses.
3
Financial Rules
Set up strict rules for financial transactions to avoid scams like fake payroll changes.
Extra Security for Schools
1
Block Inappropriate Websites
Block inappropriate websites as required by CIPA.
2
Restrict Student Access
Restrict student access to only what they need for schoolwork.
3
Manage School Devices
Manage school devices like Chromebooks or tablets to keep them secure.
Extra Security for Churches and Nonprofits
1
Protect Donor and Volunteer Data
Protect donor and volunteer data with strong encryption and controls.
2
Train Staff on Scam Detection
Train staff to spot scams targeting donations or sensitive information.
3
Implement Secure Payment Systems
Use secure payment systems that follow PCI DSS rules.
Extra Security for Businesses
1
Protect HR Files
Protect HR files with strict access controls and encryption.
2
Stay Compliant
Stay compliant with rules like PCI DSS, HIPAA, or GDPR, depending on your industry.
3
Secure Payment Apps
Make sure any apps handling payments or sensitive data are secure and regularly checked.
Monitoring and Reporting
1
Respond to Threats
Set up alerts to respond quickly to threats or unusual activity.
2
Regular Reporting
Provide regular reports on your systems' health and any potential risks.
3
Dark Web Monitoring
Use Dark Web Monitoring to watch for stolen credentials.
Protecting Your Finances
1
Multi-step Approvals
Require multi-step approvals for financial transactions to avoid scams.
2
Avoid Scams
Put controls in place so that fraudulent requests, such as fake payroll or bank-detail changes, are not acted on.
3
Employee Training
Train employees to spot fake requests for money, like gift card or payroll scams.