Own a small business? These ten critical IT protections are essential.
Robert Mueller, the former FBI Director is quoted as saying “There are only two types of companies: those that have been hacked, and those that will be.”
You don’t have to look very far to see that Cyber threats are occurring on a widespread level. Just within the last week, we all heard Lester Holt state, while acting as moderator during the presidential debate, that our American institutions are under cyber-attack, and our secrets are being stolen!
During this same week, Yahoo experienced a breach that compromised 500 million accounts.
As a business owner, you think to yourself, “We’re small…nobody would bother to hack us, right?”
The answer to that question is a resounding WRONG! According to the National Cyber Security Alliance, one in five small businesses fall victim to cybercrime each year, and that number is growing. Half of all cyber-attacks are aimed at SMBs (source: Forbes Article, “5 Ways Small Businesses Can Protect Against Cybercrime”).
Small businesses are low-hanging fruit because they don’t believe that they are a target, and therefore have very loose or no security systems and protocols in place. We just don’t hear about these attacks because they don’t make national news; the news wants to focus on BIG stories.
Second, most small businesses don’t know they’ve been hacked or don’t report it as they should because they’re embarrassed or afraid of the legal and reputational consequences.
So, how do you protect yourself?
Let’s look at 10 critical things that you should be doing:
1. Employee training and education
Have conversations with your staff about the growing threat of cyber-attack.
Tell them to use their common sense, and to be on the lookout for things that look suspicious. Be vigilant about clicking on links in emails that come from sources such as the IRS, or your bank, looking for you to validate personal information.
Train your staff how to respond, and what to do if they suspect something unusual.
2. Security Software
Make sure that you have Antivirus, Antimalware, and Anti-spam software in place.
Make sure that this software is installed on all of your computers, and just as importantly, make sure that you update and scan on a regular basis!
Antispam software is available for most of the commercially hosted email products, but make sure that it is enabled. If you host email in-house on a local server, make sure that your email if first inspected through an anti-spam service.
Tarrytech recommends GFI Mail Essentials – it is effective, low cost, and easy to maintain.
3. Solid UTM Appliance/Firewall
A solid unified threat management (UTM) firewall should be installed on the edge of your network.
These devices have more functions than traditional firewalls, and can include items such as network intrusion prevention, gateway antivirus, gateway anti-spam, content filtering, and VPN. Tarrytech recommends Dell SonicWALL for a cost effective, enterprise level solution.
4. Backup and Disaster Recovery
I think this is probably the most important item to address!
Even if you have the best security measures in place, nobody can guarantee that you won’t experience a breach. Make sure you are absolutely certain that all of your data is stored in a location that is captured by backup.
Make sure that your backup is performed at an interval that is acceptable to you. Understand how long it would take to recover from a total system loss.
Finally, be certain that you keep an offsite copy of this information.
5. IT Best Practices Implementation, Review and Reporting Process
Work with your IT provider to design a password policy, addressing such items as length, complexity, and change frequency.
Be certain that you have a procedure to disable user accounts and passwords of employees that leave your organization. Review who has rights to your sensitive folders and files on the network. Have a process for approving rights to your sensitive applications and data.
Be certain to review these items on a regular, scheduled basis.
Next- 5 more critical IT protections