Network and Internet-based threats in their various forms are a scrooge to modern business computing. Owners of smaller and mid-sized businesses (SMBs) are often too focused on operations while data security is relegated to a “can’t happen to me” mindset. So what can business owners do to better protect themselves? We’ve compiled this short list to highlight the most important action items to put on the business owner’s plate. Work with your IT Manager or Managed Services Provider to ensure these are in place.
Conduct a Security Audit
Involves a complete review of your network architecture, data storage, policies, training, access control lists, patch-levels, audit logs and disaster recovery. Once a baseline has been established, periodic audits should be scheduled to ensure security standards are being maintained. A good list of things to review in an audit can be found here.
Protect your Business Email
Most security threats originate in your business email, such as phishing attacks, malware and ransomware. Through a combination of centralized mail filtering software, endpoint security and proper end-user training, you can minimize the threats that originate by email.
Enable Web Filtering
Most commercial-grade Internet routers will have an advanced security subscription. This subscription will enable sophisticated web filtering capabilities of your router to filter out suspicious web traffic before it enters your network. Make sure you enable these features.
Protect Your Endpoints
An “endpoint” is any device that accesses your network: desktops, laptops, tablets and phones. Endpoint software is a combination of anti-virus and patch management software that keeps your devices protected. Make sure this software is being actively monitored and managed by your IT provider.
Strengthen Your Password Policies
Ever used your birthdate as your password? That’s a big no-no. Ask your IT provider to implement more secure policies such as password length, mandatory character types (example: upper case, numbers, and special characters) and password expiry dates. Its annoying having to keep track of difficult to remember passwords but well worth it considering the cost of a data breach.
Encrypting critical information such as databases and passwords, as well as mobile devices such as phones and laptops will prevent criminals from reading your data even if they are able to gain access. Again, speak to your IT provider for strategies on how to implement encryption.
Educate Your Users
Users must be educated to be vigilant when interacting with anything coming from the Internet, such as:
- How to recognize a suspicious email
- Being careful when downloading programs or files from the Internet
- Not sending sensitive information to non-secure websites
- How not to fall prey to a phising social engineering attacks
Your IT provider should be able to schedule lunch and learn sessions to educate your users.
Run Periodic Deep Scans
No network security strategy is fool-proof. Over time, malicious malware do get access to your network and often sit covertly on your system probing for vulnerabilities or sending data to an external server. Using deep scan software, audit log file analysis and new advancements in artificial intelligence-driven software, the source of suspicious network traffic can be identified and dealt with. Deep scans become more important in compliance-driven industries such as finance and healthcare.
With a proper audit in place, your IT provider should be able to help your business implement these measures in a systematic fashion.