Many business owners and IT professionals ask us “What do I need to ensure my business is secure?” Security is constantly changing and we recommend you work with an IT professional to protect your business. Security is a highly complex subject, however we did our best to break it down as simple as possible into three categories.
1. The Big Picture of Business Security
Physical security refers to the secure, physical storage of all your data. A server should be in a locked closet. Workstations should be in a locked office. Although physical security may seem obvious, you would be surprised how often it is neglected. Many business owners often look into storing in a data center, because they are at the very least, much more physically secure than most offices. All the technical security in the world will not help if someone can walk into your office and walk away with your data.
Deploying some sort of perimeter device such as a firewall is critical to ensuring that no one outside of the company can access the network. Firewalls must be setup by a network professional and should include Intrusion Protection Security (IPS) or Intrusion Detection Security (IDS). Bots are constantly searching for unprotected networks, so data can be stolen within an hour without a firewall.
A wireless network is considered another place of possible intrusion, so it needs to be secure. The wireless network device should have updated firmware, and always be password protected to prevent others from using it.
2. Workstation Security
Each workstation needs protection against viruses and malware. Malware and viruses can infect your computer by simply visiting a website. Even a “secure” website can be used as a portal to infect your machine through an advertisement. Clicking is no longer a requirement.
Every company should have email secured by an antispam product. Spam emails often contain viruses.
On a side note, email is absolutely not secure. Do not send any critical information via email.
Updated Software Patches
If there are issues with common software such as Adobe, Microsoft or Java, hackers can use the vulnerability in the code to gain access to the computer. Ensuring all security updates are applied to all machines is critical to protecting against vulnerabilities.
3. User Security
All devices that can access data should have passwords. There continues to be a debate between whether it is more secure to have a short complex password or a longer simpler password. We advise that all system passwords have a minimum of ten digits and a minimum of three different kinds of characters.
We encourage our users to always lock their computer when they step away from it. If it’s appropriate for your company culture, you can allow unlocked computers to become fair game for practical jokes. For example, if you leave your computer unlocked at MyITpros, you will likely come back to it with David Hasselhoff wallpaper.
All users should be running with the lowest privileges possible. Most users are local administrators for their machine. Local administrative privileges allow downloads even when the download is unintended. Accidental virus downloads can be prevented with proper privileges implemented on the machine.
Security Means Having a Plan B
Part of having good security includes ensuring your data is backed up, testing those backups and storing a copy of that data offsite.
Many of these essential security tips can be resolved by hosting your data in the cloud.
[include id="11" title="Is The Cloud Right For Your Business"]
Our goal for this blog is to answer the questions you ask. If you have any questions about the cost of Managed Services or any other topic please email me at email@example.com. To learn more about IT subscribe to our blog.