For every business there are security principles that apply across the board. No matter if you’re a Medical office or a construction company. Your business is a target, whether you realize it or not. Here are 5 principles every business should implement.

Quick view:
1. Logical security.
2. Physical security
3. Backup backup backup
4. Updates and monitoring
5. Training

Logical Security

Logical security isn’t that hard. All small businesses can employ measures to limit the exposure to exploits, mishap, or rogue employees. Logical Security is a big category that covers alot of ground. It includes; Anti-virus, Firewalls, and Spam/Web protection.

Antivirus

Ensure every laptop and desktop has antivirus installed. More importantly, make sure they all stay up to date! Antivirus is not “set it and forget it”.  Attackers and tactics change daily and sometimes hourly. That’s why most antivirus software have definition updates many times a day.

       Antivirus Definitions: the instructions on how to find viruses on a device. Without these updates, AV software could miss the newest virus or malware that has infected the machine.

Business owners need to make sure each machine receives updates to the actual software and definition updates every day.

File permissions

You want to trust your employees. Employees sometimes make mistakes. Employees can also be plain careless or have other intentions. When you share files among employees, you make sure information is limited to those that need to know. Business owners who limit access to data properly will also limit the possibility of data leaks by an employee not trained for that information.

Need to know access based permissions is a requirement for many regulations, such as HIPPA.

Limiting file permissions is good practice, even for the smallest of companies.

Firewall

Small businesses should invest in a dedicated firewall.

Business owners find it very convenient to buy a simple wireless router from their favorite retail store. Most simply use the device until it stops working. In some cases they use the built in wireless from their internet provider modem. In both these scenarios you’re using a multi-purpose device and counting on the fact it will protect, never really asking how.

Many businesses dont replace these devices when the manufacturer stops updating them. Further, most business owners never apply the updates anyway. Hackers have discovered and begin exploiting these weaknesses.

A dedicated firewall, purpose built for one job, stops unauthorized access and detects attempted intrusions and exploits. Firewalls will receive updates, many times automatically. They can also do more, than a wireless router, in terms of keeping you safe.

++++Our managed service clients receive a free firewall for the life of their contract

Firewalls can also scan for viruses in traffic, detect hackers attempts, and block hackers automatically.

A focused device will out perform a multi-purpose device.

Web and Spam Protection

Businesses are most often hacked through email and malicious websites. An employee receives and email, clicks the link, and next the entire office is infected.  This stops productivity and incurs extra expense for the business.

Businesses with proper web protection and spam filtering in place, this occurrence can be limited if not eliminated.

Web protection examines every website visited. If the website matches a known bad website, it will stop you from getting there.

Most every email service provides a built in spam protection.  Email providers essentially use a rule based list of bad email addresses and keywords. Each match in a message increases it’s spam score. If the score is high enough, it’s blocked.

 Spam scoring is a way to allow outlook to determine if a message is junk. There are a few factors that go into this such as keywords, domain, ip address.

Enhanced spam filtering adds an extra smart layer of protection. It will also check the links in an email, similar to web protection. Employees who accidentally click the infected link will be presented a warning.

Physical security

Every business owner should limit access to not only their building but their computers and systems as well. This can mean ensuring you have a trained person at your entry way or locking doors on offices and data center.  This not only helps limits access to non-employees but to employees that might be a little too curious. Locking cabinets should also be provided to employees, to store sensitive data.

Backup your data

File and Folder Backup

Backups are a great tool to fight hackers, environmental issues, and careless or rogue employees.

File and folder backups are the first thing we think about when talking about backups. Many small businesses now use cloud services such as Office 365 or gSuite. Business owners believe this means their data is safe, yet both of these services recommend  a dedicated backup solution. Cloud providers only retain a file for 30 days after it is deleted. After 30 days it’s gone forever. There are other scenarios. A corrupted file will appear normal, yet without a backup with snapshots, you wont be able to recover it back to when it wasn’t corrupted. Rewrite: A corrupted file will appear normal, yet without a backup containing snapshots, it would be impossible to recover at a point before it became corrupt.

Email backup and archiving

Email backup and archiving ensures an email is never lost. If an email from years ago is needed, but not found in the inbox, it can be found in the archive. Email archiving also fulfills industry regulations.

If a business deals in contractual agreements, medical information, communicating with clients about sales agreements or scope of work, then email archiving should be a priority.

Updates, Monitoring, and Training

Updates

Businesses should make sure every machine has updates not only for Microsoft or Mac OSX, but all the software they use. Many times that is the last layer of defense from hackers. Updates for security issues can stop a hacker in their tracks.

Staying up to date is also a good practice. Not only does it limit the chance for a software flaw to slow down employees, it helps secure your business against attacks through web sites and email.

Missing updates allowed for billions in damages to businesses last year.

Monitoring

Monitoring machines has several advantages. Monitoring should include hardware and software problems. This enables the business to detect problems before they affect productivity. Invalid logins should also be included in any monitoring plan. This can indicate an intrusion attempt and allow proactive measures to stop the unauthorized access.

Training

The most important of these 5 steps!

Training employees can help mitigate many security issues associated with small business. Employees trained to spot potential hacking or phishing attempts can save a business thousands of dollars. Training should include web, email, and social engineering hacking attempts. A trained workforce is a hacker’s worst nightmare.

Don’t have what you need?

These five steps will give any business a great start on securing their IT infrastructure. Business owners concerned about the expense should consider the cost of disruption to their business when they are compromised. More than that, how will the damage to their reputation impact business? When approached from this perspective, the expense of doing security right will seem insignificant to the cost of doing nothing.