1. Use an Email Gateway Like Mimecast
“Email is often the Trojan Horse of malware getting into your network,” says Marc Sule, CIO at Top 40 supplier alphabroder (as/34063). “A secure gateway can lower your risk by monitoring and blocking users from opening malware attachments or clicking bad URLs.”

2. Utilize Malware-Scanning Software
The goal is to routinely scan corporate systems and personal computers, and alert your IT team when malware is detected. Microsoft’s SCCM Endpoint Protection is a popular choice.

3. Build Sturdy Walls
All networks should have firewalls that are configured correctly, continually patched and constantly monitored.

4. Have Anti-Virus Protection 
Company computers should be updated in real time and make use of heuristics and behavior analysis. All systems, including third-party software, must also feature strong spam filters.

5. Have Good Backups in Place
“Always back up your critical systems on a separate VLAN away from the production system,” says Sule. “If your production systems and logical backups (or even DR environment) all exist on the same VLAN, ransomware may be able to spread and encrypt them all, leaving little option for recovery.”

“If an employee leaves a company, change passwords for the systems they had access to.” — Dave Lakshmanan, ASI CTO

6. Be Link & Attachment Savvy
“Never open an attachment or link from someone you don’t know,” says Greg Muzzillo, founder of Proforma (asi/300094). Be sure to check links before clicking on them. By hovering over a link, you can see the actual web address you’re being directed to – make certain the link is taking you to the website you expected. “Links in scam emails may direct you to web addresses that are long, unfamiliar and use random characters,” Muzzillo adds.

7. Get Smart With Passwords
Your firm should have safe password practices like two-factor authentication. Never use the same password for critical systems like email and logins.

8. Encourage Communication 
“Make sure employees know to report any suspicious emails to a supervisor in charge and the IT department,” says Les Dorfman, EVP of High Caliber Line (asi/43442).

9. Implement a Training Program
It’s money well spent given the growing sophistication of email and phone scams that can persuade even seasoned corporate employees and customer service personnel to give out vital info. Alphabroder contracted with a company that provides anti-phishing training and mock phishing campaigns to monitor, score and identify additional training needs within its corporate user base.

According to the 2018 Counselor State of the Industry report, just 39% of promo distributors have a data security policy. As this chart shows, smaller distributors, in terms of annual sales, are least likely to have protection guidelines.