January 15, 2018
Data security continues to be a top concern for small and midsized businesses…as it should be. According to the Verizon Data Breach Investigation report, 61% of breaches hit smaller businesses. And while data security might be a top concern, too many small businesses don’t take action. 90% of small businesses aren’t using any sort of data protection according to UPS Capital. In order to protect your business, there are some critical questions you should be asking your IT Security provider. (Don’t have one? Contact Us.)
IT Security Question #1 – How Often Do We Back Up Our Data?
Your business changes by the minute. Backing up your data only once per day or just weekly isn’t enough. That’s because it doesn’t put you in the right position for a fast recovery in the event of data loss. Backing up your data multiple times per day provides you with the protection you need. It also reduces the time required to get back up and running. You may also consider implementing a disaster recovery solution. These solutions can be immediately ready-to-relaunch with your full system, applications, and data. This takes your recovery time down from hours to minutes.
IT Security Question #2 – Is Our Email Secure?
One of the easiest ways for hackers to gain access to systems is via email. You need to protect your organization from spam, email-borne viruses, email-based malware, phishing emails, malicious links, unsecured email and Denial of Service attacks. By using solutions that provide advanced threat detection, you can put in place a vital security layer. This layer scans email attachments and compares them against a cryptographic hash database. Emails found to contain malicious content are quarantined, and administrators and users can be notified. If no malicious content is found, the email is passed through seamlessly to the user.
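The attachment check described above, sketched as an added example (not code from this article or from any particular product): each attachment is hashed with SHA-256 and looked up in a set of known-bad hashes, and the message is either quarantined with notifications or delivered. The addresses, file name, sample bytes and hash set are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a known-bad file; a real hash database would be
# loaded from a threat-intelligence feed, not built from local bytes.
BAD_BYTES = b"constructed stand-in for a known-bad file"
KNOWN_BAD = {hashlib.sha256(BAD_BYTES).hexdigest()}

def build_sample(attachment: bytes) -> bytes:
    """Build a constructed test message carrying one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename="invoice.bin")
    return msg.as_bytes()

def scan(raw: bytes, known_bad: set) -> dict:
    """Hash every attachment and decide: quarantine (and notify) or deliver."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        # decode=True undoes base64/quoted-printable so we hash the real file
        # bytes; container parts return None and are hashed as empty.
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()
        if digest in known_bad:
            hits.append((part.get_filename(), digest))
    if hits:
        return {"action": "quarantine",
                "notify": ["admin", str(msg["To"])],
                "hits": hits}
    return {"action": "deliver", "notify": [], "hits": []}

if __name__ == "__main__":
    print(scan(build_sample(BAD_BYTES), KNOWN_BAD)["action"])
    print(scan(build_sample(b"constructed benign file"), KNOWN_BAD)["action"])
```

An exact hash match only recognises files already in the database, which is why this check is one layer among the others the article describes.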
IT Security Question #3 – Is Our Data Traffic Secure?
Encryption will help protect your data and personal information as it travels across the Internet. For example, if you are passing sensitive information such as credit card numbers, social security numbers, medical information or even just customer names and addresses, encryption can ensure this data is sent securely rather than as “clear text” which can be read by anyone. Data encryption for your email traffic is no longer an expensive and out-of-reach solution for small and midsized businesses. This technology is now available at an affordable price, and can help ensure sensitive data sent over email will safely reach its destination. It will protect your data from being “read” by hackers who will use the information maliciously. That could include phishing schemes, information gathering including passwords and sensitive financial information, and confidential personally identifiable customer information, all to be packaged up and sold on the dark web.
IT Security Question #4 – Are Employees Visiting Unsafe Websites?
One of the oldest (and still most popular) ways of breaching your systems is done via code that is activated when a user clicks on (or in some cases even hovers over) a malicious link. Malware and ransomware can then be quickly installed on the device and your data can be held hostage. A back-up system can help in this situation, allowing you to recover your data without paying the exorbitant ransom fee. But it is even better if you can proactively prevent the malicious code from entering your system in the first place. Also, it costs a lot less to stop the infection before it starts than to recover from an infection.
You need to have a technology layer in place that checks every data request that is being made out to the Internet to ensure that the requested site is safe.
Requests to sites that are safe are routed without interruption. Internet traffic to and from sites that include malicious content is blocked. And requests to sites that are considered questionable are sent through another layer of security with malware and anti-virus tools to confirm whether they are safe.
IT Security Question #5 – Do We Have a Password Policy?
While it’s convenient for users to keep the same password for months or even years, it’s horrible for your business. Frequently changing passwords can help protect your organization. Here’s why. Hackers will often “revisit” and re-use the same account information over and over, allowing them to continually access your systems over time. Frequent changing of your password prevents this repeated abuse. Also, if the user’s computer is moved to a different employee or it leaves your company (through a sale, theft, or recycling), there may be saved passwords stored in the machine.
Changing passwords regularly will reduce the likelihood that these saved passwords will still be valid and can help prevent unauthorized access.
Tracking that employees are regularly updating their passwords is an important step. And solutions are available to help automate and enforce a password changing policy that is appropriate for your company. To make this easy, consider using a password management solution that improves your password management by creating and enforcing more secure passwords, protecting your organization if employees leave, and giving you control over all the passwords being used in your organization.
IT Security Question #6 – Are Mobile Devices a Problem?
Mobile devices can be safe to use if they are set up properly with the right security layers in place. Similar to how you protect your network with technology that filters web traffic to confirm its safety, your mobile devices can be installed with lightweight versions of the same technology. This layer ensures that data requests being made out to the Internet are exchanging information with safe sites. If you have employees on mobile devices that aren’t using this additional security layer, you may be introducing malware and viruses onto the device and then into your overall network. We also recommend mobile devices be connected only to your “guest” (or separate) network. This separates them from your default corporate/employee network, creating another security layer between your mobile devices and your core network applications and data.
One of the best ways to protect your systems is to remotely delete all data on a mobile device. This is important in the event the device is lost or stolen. Although you’ll still be out the cost of the hardware, it can reduce your exposure to the more significant costs of stolen data.
IT Security Question #7 – Are Employees Adding to our Risk?
It’s critical to train your employees so they can recognize phishing schemes, malicious links, and suspicious emails. Sophisticated hackers use social engineering to gain access to your systems and steal your data. Well-trained employees are your number one line of defense, yet security awareness training is often skipped by small and midsized businesses. The best data security system in the world cannot overcome an employee who unwittingly provides access for hackers.
Implementing a Security Awareness Training program will provide your employees with the critical skills they need to avoid falling victim to hackers, thereby compromising your systems. Furthermore, employees can be trained to recognize potential dangers and how to report potential breaks in security.
Moving Ahead
Although data security can seem overwhelming, the good news is there are a lot of cost-effective solutions available to mitigate these risks. And they can be implemented quickly with minimal disruption to your team. In the end, the #1 way to protect your business is to START. Make a plan and move ahead.
To learn more, check out our Data Security insights.
For a free data security assessment, please contact us. We can review your systems and help you move forward with a more secure IT approach to secure your data and protect your business.
– The AccountabilIT Team