With the recent security breaches involving iCloud, Home Depot, Target, eBay, and Google, businesses are scrambling to make sure they’re doing everything they can to reinforce their data security standards – but are there some measures they’re overlooking? To improve your defenses against cyber attacks, adopting measures recommended by managed technology services providers (like TekLinks) can help in a variety of ways.
1. Think about handling the IT security of your business the same way you would your home security.
- What data do you consider valuable and who has access to it? = “Who can open your wall safe or gun cabinet?”
- What kind of persistent monitoring on your network do you have? = “Do you only have an alarm system on your house, or do you have an active neighborhood watch/surveillance in place as well?”
- Can you trust your users – or do you see them as a potential risk? = “Who do you allow on your property or who do you invite into your home?”
- Do you train your users properly on risk and accountability? = “Do you hold regular family meetings to make sure everyone knows what they’re responsible for?”
- Do you have a public relations plan, or reporting process, in place in the event of a breach? = “Do you know how to alert the neighborhood quickly and effectively after a break-in?”
2. Take a good, hard look at your users. In many cases, internal users or human error are to blame for security breaches, not the technology itself.
- Many business owners do not realize that the percentage of external to internal breaches is (surprisingly) close to 60-40%.
- Do your employees know that they should create complex passwords (not “123456” or “password1”)?
- Do they know that they can’t keep those passwords written down on a sticky note attached to their monitor?
- What is your BYOD (Bring Your Own Device) policy at the office? (And if you don’t have one, you should put one in place immediately.)
- Make sure your internal controls, policies & procedures documentation stays updated and clearly communicated to every employee.
3. Never underestimate the power of strong passwords, anti-virus software, data encryption, and multi-factor authentication.
4. Many SMBs (and some enterprise companies) are moving their data to the cloud because of security, not in spite of it.
Business owners with a limited IT budget are discovering that their cloud services provider (CSP) can provide them with more security than they could afford to put in place on their own. CSPs often offer managed technology services that monitor data logs, escalate threat resolution, and conduct in-depth assessments with their team of experts, all at a price-point that fits many smaller companies’ budgets.
5. Beware of "shadow IT."
Shadow IT is what occurs when people who know very little about technology make decisions that affect the way IT is used in the business. This is not bad in and of itself – but it does mean that you must still take precautions to keep your systems installed, patched, and upgraded correctly. You should still listen to your IT advisor, even if what they have to say may seem to make your office life a little more difficult. As our parents used to say, “it’s for your own protection.”
6. A culture of compliance is key.
It is important that your entire workforce “buy into” acceptable use and best practice every day. That means that you educate each of your employees as to why they should care about security so that they will willingly invest their time in taking those precautions, rather than resenting the policies as something they simply “have to do.”
7. Don't overlook your vendors.
Make sure that they can demonstrate that they, too, undergo regular audits and adhere to security best practices. Make sure they can answer all your questions about security – if they can’t, you shouldn’t do business with them.
And, of course, if you have any questions about your current corporate data security standards, you can always contact a TekLinks account manager or engineering expert. That's what we're here for - to make technology work securely for you.