It happens all too often these days: a major, multi-national, multi-billion dollar corporation issues a press release stating that a serious security breach has occurred. In some cases the announcement includes a statement that credit card numbers were stolen. In other cases, personal customer information was accessed.
The simple fact of the matter is this: if that can happen to large corporations, then it can also happen to your small business. You’re only going to be immune to security breaches if you implement some preventative maintenance to ensure that your systems are protected from malicious intent.
I spoke with IT consultant Michael Jaccarino about several points of failure that your business may currently have in its policies, and the steps that can be taken to shield your company from cyber attacks.
No password policy. "Making sure that you and your employees use strong passwords is one of the easiest ways to prevent hackers from accessing your email and social media accounts as well as accessing your network," says Jaccarino.
A strong password should contain both lowercase and uppercase letters, numbers and special characters, and should be at least 8 characters long. You can check to see how strong your current password is by visiting the following site.
A few suggestions on creating a strong password:
- Try spelling a word backwards, for example turn michaeljaccarino into oniraccajleahcim.
- Substitute numbers for letters, so in the above example, substitute “i” with “1”, turning oniraccajleahcim into on1raccajleahc1m.
- Alternate lower case and upper case letters, making on1raccajleahc1m into On1raCCajleahc1M.
- Throw in some special characters to make On1raCC@jle@hc1M.
Failure to keep software up to date. "It’s tempting to ignore software updates if you haven’t experienced a breach yet. It’s in human nature to get complacent when the consequences of not doing something haven’t been made readily apparent," says Jaccarino. "However, that is no excuse. It's simple to update software and it's just good policy to do so."
To keep your systems secure, you will want to ensure the following:
- Operating System: It’s imperative that your network computers are patched with the latest updates to ensure that security gaps that attackers will exploit are closed.
- Applications: As exploits that hackers can take advantage of are detected, software vendors release patches to close the vulnerabilities, helping to protect your system from intrusion. Of course, they only work if you install them, so routinely check that the various applications you’re running are up to date.
- Anti-Virus Software: Make sure that you are keeping it up to date with the latest patches so that your systems are protected against all of the most recent virus threats.
Lenient policies with BYOD. The Bring Your Own Device (BYOD) craze has taken some companies, including small businesses, by storm. Some managers believe that it improves employee creativity and enables people to work harder as they don’t have to be tethered to a desk in an office to get things done. However, what happens if an employee’s device, containing sensitive company information, is lost? What happens if those personal devices are not as well protected as company devices? The potential for security breaches arises if no security policy is put in place to cover the personal devices that employees use to access company resources.
Failure to monitor network logs. You have a corporate network that people are accessing on a regular basis. Do you have system administrators who are checking those logs to ensure that there are no security breaches?
"If the account used by one of your trusted employees is used to access the network in the middle of the night, when they are blissfully asleep at home, that should be a red flag. A periodic review of network logs is a proactive means to ensure that there aren’t unwanted guests visiting your network and possibly sabotaging your business," says Michael Jaccarino.
Overuse of the cloud. Using a cloud-based network is very tempting, especially for small businesses. The cost is significantly less than what it would cost you to establish your own network infrastructure. It’s usually a turnkey operation, so you can be up and running in just a day or so. There are usually automatic backups provided by a cloud computing service as well. However, all of those benefits can potentially be offset by the fact that your very important data files will be stored somewhere other than at your own facility.
It’s important that, prior to signing up with a cloud service provider, you try to get an independent audit of their security status or at the very least ask a few important questions such as:
- Ask to see the service provider’s reliability report to determine how much downtime the cloud service provider experiences and to ensure that they meet the requirements of your business.
- Ask how passwords are assigned, protected and changed. Cloud service providers typically work with a number of third parties, so it’s important to get information about those companies, which could potentially access your data. Make sure that they also do employee background checks to weed out potential cyber criminals.
- Make sure to ask any questions about compliance with government legislation that is specific to your industry. For example, if you’re in the healthcare industry, you’ll want to make sure that your cloud service provider is HIPAA compliant.
Additional security measures to look for include firewalls, anti-virus detection, multifactor user authentication and data encryption, and routine security audits.
Make sure to take a few moments to talk with your in-house IT staff about the best way to begin implementing some of these steps so that you can start securing your network and data.