Technology in your office that’s not secure is a sure gateway for nefarious hackers and unscrupulous technology-thieves. Your software, laptops, desktops, and other connected devices, when not protected and monitored, can do way more harm than good for your company. What do you do when you know you have assets that are not secured?
- Are you taking proper steps to protect them in the ways you can and should?
- Do you know what these steps look like?
- Is your plan documented or ready to implement, when a possible crisis strikes?
According to the Herjavec Group, twelve people become a victim of cybercrime every second. The U.S. has even declared cybercrime a national emergency, and because small businesses are prime targets, business owners can’t take computer security lightly.
In our experience, we’ve found that most businesses can’t keep tabs on every cybersecurity best practice, yet there are seven critical things you can put in place today to protect your small business.
In your towering list of daily responsibilities, patch updates fall low on the docket. We get it. But disregarding these low priority tasks can expose you to potentially catastrophic software vulnerabilities. Take Equifax, for example: Hackers entered their system through a web application vulnerability that had a patch available for two months. Attackers recognize that patch weaknesses are low-hanging fruit because IT administrators so often overlook them.
Start by creating a strategic process for consistently and automatically installing software patches and operating system updates, then document and enforce your patch management strategy to cover your bases. Here are some steps to take when defining this strategy:
- Document all software your company uses
- Build in proactive management solutions
- Define and enforce your policy
Manage all devices, including mobile
Do your employees suffer from slow, unreliable computers?
Do they all have some sort of protection or safeguards, even your smartphones and tablets?
Are you sure about this? When did you last validate this, inside your office?
Some of the reliability issues could be a sign of spyware or malware. Run spyware scans weekly to fend off attacks. Automated solutions take the manual labor out of virus and file scanning.
Remote monitoring and managed antivirus and antimalware help to keep both known and emerging malware off workstations and servers. Your protection should be proactive, instead of always reactive.
The best managed antivirus stays up to date with the latest threats using traditional signature-based protection, but also protects against new viruses using sophisticated heuristic checks and behavioral scanning.
With new threats created each day, businesses can protect themselves by using these proactive methods to help ensure rock solid malware protection.
Update your corporate password policy
Talking about passwords gets old, we know. Yet it’s one of the easiest tasks to control, and one of the most neglected, inside most IT departments and most offices.
Password experts like Bill Burr once recommended that employees update their passwords every 30-60 days. But studies now show that forced, frequent password changes encourage people to choose weaker passwords, and hackers have no problem cracking these.
Now, that doesn’t mean you should never ask employees to update their passwords. Instead, here are things to avoid when executing your password policy:
- Avoid including names in passwords.
- Avoid repeating previously used passwords.
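- Avoid character substitution, which is replacing letters of old passwords with symbols and numbers. (This is not the same thing as cryptographic password hashing, which is how systems should store passwords.) Smart malware and hacking algorithms can now consistently guess these substitution patterns.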
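The three rules above (no names, no reuse, no symbol-for-letter variants of old passwords) can be enforced at password-change time without keeping old passwords in plaintext. This is an added example, not code from the original article; the substitution table, function names and sample data are assumptions.

```python
import hashlib
import hmac
import os

# Symbol/number-for-letter swaps folded back to one letter (assumed table).
# 'i' and 'l' share a class because '1' and '!' stand in for either.
FOLD = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "l",
                      "i": "l", "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(text: str) -> str:
    """Lowercase and undo swaps so 'P@ssw0rd' and 'password' compare equal."""
    return text.lower().translate(FOLD)


def _digest(text: str, salt: bytes) -> bytes:
    # Salted, slow hash: the history never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, 100_000)


def remember(password: str) -> tuple:
    """History record: (salt, digest of exact form, digest of folded form)."""
    salt = os.urandom(16)
    return salt, _digest(password, salt), _digest(normalize(password), salt)


def policy_violations(candidate: str, names: list, history: list) -> list:
    """Return which of the three rules a proposed password breaks."""
    problems = []
    folded = normalize(candidate)
    # Rule 1: no names, even when disguised with symbols.
    if any(normalize(n) in folded for n in names if len(n) >= 3):
        problems.append("contains a name")
    for salt, exact, folded_old in history:
        # Rule 2: exact reuse of an earlier password.
        if hmac.compare_digest(_digest(candidate, salt), exact):
            problems.append("reuses a previous password")
        # Rule 3: an earlier password with letters swapped for symbols.
        elif hmac.compare_digest(_digest(folded, salt), folded_old):
            problems.append("symbol-swapped variant of a previous password")
    return problems


# Constructed sample data: one employee, one remembered password.
HISTORY = [remember("Sunset-Harbor-88")]
NAMES = ["Alice", "Nguyen"]
```

Keeping a digest of the folded form makes the history slightly easier to attack offline than an exact digest alone, so protect the history store like the password database itself.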
Back up daily and test your restore process often
We hear data restore and data backup horror stories all the time from new clients.
And if you or your current IT vendor are using tape backups, we want you to know that eventually these are going to fail. If you’re still using this outdated method, and not leveraging the cloud, your data could be at risk.
Even the best backups and restores fail, so don’t skimp on testing and certainly don’t go cheap on your cloud backup solution. AWS and Microsoft Azure have platforms to solve this that are very affordable. The focus needs to be on documenting and testing your backup and restore process so another staff member knows exactly what to do when disaster strikes.
This is an important process in your data backup and recovery strategy.
- Ideally, you want to set up a backup schedule based on the nature of your data. For instance, back up mission-critical information like financial information daily.
- Less sensitive information can be backed up weekly.
- Things like your CRM, customer data, contracts, and sales-related information are a top priority when establishing a consistent cadence of data backups.
Have a plan for stolen computers or lost devices
We see an uptick in this with our current business clients.
If employees work remotely or have devices at home with them, you must prepare for the inevitable: eventually some device will become lost or stolen.
- And when this happens, what if an unauthorized user gains access to your employee’s computer?
- Do you have remote wipe capabilities in place?
- Do you have an identity access management system to quickly reveal which programs may be compromised and which passwords need to be updated?
- Do you have a strategic process in place to audit your software and systems, and document the immediate steps that need to be taken if a computer is stolen to prevent information from getting in the wrong hands?
These can be tough questions to ask and even harder to act on, but they are very necessary to protect your business and your IT and technology.
Email and internet restrictions
Sure, ignoring unsolicited emails, phishing attacks, and spammy links that come from people you don’t know might seem obvious. But, you CAN’T assume all employees know how to identify spam attacks and phishing attacks, and know how to act accordingly.
The best way to identify potential targets, and prevent them, is through education and by testing user behavior.
- For example, will employees avoid untrustworthy downloads?
- How will they react to a potentially spammy email?
- Will they forward emails asking for a wire transfer?
- Will they recognize emails that look EXACTLY like an email coming from the CEO, but with one character missing, designed to trick you or your team members?
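The last question, about an address that matches the CEO's except for one missing character, can also be checked by a mail filter instead of relying only on the reader's eye. This is an added example, not from the original article; the directory, addresses and distance threshold are constructed, and the display-name check goes slightly beyond the one-character case in the text.

```python
from email.utils import parseaddr

# Constructed directory of people worth impersonating: address -> display name.
PROTECTED = {"dana.reyes@corp.example": "Dana Reyes",
             "finance@corp.example": "Finance Team"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # drop a character
                           cur[j - 1] + 1,            # add a character
                           prev[j - 1] + (ca != cb)))  # change a character
        prev = cur
    return prev[-1]


def check_sender(from_header: str, max_distance: int = 2) -> tuple:
    """Return (verdict, impersonated address or None) for a From: header."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in PROTECTED:
        return "known", addr
    for real in PROTECTED:
        # One or two edits away from a real address: the missing-character trick.
        if edit_distance(addr, real) <= max_distance:
            return "lookalike", real
    for real, name in PROTECTED.items():
        # Right display name on an unrelated address.
        if display.strip().lower() == name.lower():
            return "display-name spoof", real
    return "unrelated", None


# Constructed From: headers, not taken from real mail.
SAMPLES = [
    "Dana Reyes <dana.reyes@corp.example>",
    "Dana Reyes <dana.reyes@crp.example>",
    "Dana Reyes <dana.reyes.office@mail.example>",
    "Billing <billing@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

A "known" verdict only means the address string matches the directory; whether the message really came from that domain is a separate question answered by SPF, DKIM and DMARC.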
At Cooperative Systems, our cybersecurity solutions solve these cybersecurity problems. We work with you and your team to track and notice who is clicking and provide those users with training to prevent successful spam and data breaches.
Consider Virtual Private Networks
Personal firewalls protect a single Internet-connected computer by controlling how programs use your network and preventing computer files from being scanned.
In-office routers provide another layer of security, too. But what happens when employees work remotely or outside the office, possibly at a coworking space, coffee shop, or airport? Using a public Internet connection is a major security vulnerability and that’s where a virtual private network (VPN) can help.
VPNs encrypt your web traffic to a server, which the VPN company operates. By leveraging this process, trackers see the VPN’s IP address, not yours. VPNs can also hide or mask your location to protect you or other employees when working abroad.
The thought of keeping up with today’s newest cybersecurity trends and threats can be draining. But protecting your company’s IT, network, and technology is just as important as locking your office doors.
Have the best of both worlds: a strategic and comprehensive threat management solution on a budget that fits your business.