Your business is a target. The simple fact of being in business makes it so. There are a lot of bad actors out there who will go to great lengths to get your personal and financial information, and they have many different and innovative approaches to get it. There are some small steps any business can take to make a big impact in protecting business data.
Here we present our 4 Rules of Thumb for better IT security; a starting place if you’re looking for somewhere to begin.
We can’t stress enough that every business should make it a priority to implement some basic information/technology security standards and regular employee training. Having more discussion on the subject helps everyone in the company learn and shows that management is paying attention. Remember that business data isn’t just word documents and spreadsheets. It’s banking and financial and other information, employee information like social security numbers and direct deposit info, customer, vendor information and more. For even a small business, the possibility data exposure or loss isn’t trivial.
NOOBEH cloud services works to keep your QuickBooks on Azure cloud deployment more secure in a variety of ways, but we always start with a few essential policies. These rules and policies can mean the difference between a small IT annoyance or catastrophic failure and data encryption, loss, or exfiltration. If you haven’t implemented these four essential policies in your business IT environment, today is the day to start.
- Always use strong passwords, at least 10 to 12 characters, and make them complex. Require passwords to be updated periodically. Don’t reuse passwords and avoid common words or phrases.
- Don’t let users operate with permissions greater than required. In applications, consider restricting functionality based on the role or job requirements. On servers and PCs (Windows, Mac, whatever), make sure users are operating as “standard” users rather than system administrators. When you reduce the permissions granted to users you prevent their accounts from performing possibly harmful actions in the system, like installing malware or damaging programs, modifying settings, or even creating backdoor user accounts.
- Control user account information and manage it closely. Simply knowing what user accounts exist can give hackers and phishers enough information to begin targeting logins and applying methods to crack them. Part of this includes making sure to remove or disable accounts for user accounts that are no longer needed. Every unused account that remains enabled is just another point of vulnerability. Protect system and administrative accounts and directories (like Microsoft Active Directory). Make certain that you only grant access to sensitive system and account information when absolutely necessary, and only to a completely trusted source. Also make sure to have at least one “break the glass” (back door) admin account you can use if the regular administrative account(s) become compromised.
- Limit the installed software to what is needed for the business and keep it current. Make sure operating systems and applications are up to date, and keep browsers and plugins updated to make sure they don’t become the weak link.
Cyber criminals are delivering waves of cyber-attacks that are both highly coordinated and far more advanced than ever before seen. Endpoint attacks have become complicated multi-stage operations, ransomware hits small business and enterprises alike, and stealth crypto mining got criminals into unsuspecting corporate networks. The year has been awash with massive data leaks, expensive ransomware payouts and the realization of a completely new and extremely complicated threat landscape. The bad guys have upped their threat game in a big way.
Diligence is required to help protect valuable business information assets. Following these four rules of thumb will help the business avoid becoming easy prey and can provide a foundation for greater system security and a more streamlined approach to identity management, applications and access.