Now more than ever, small businesses need to be vigilant with their information technology security. Small businesses may not be the big fish in the sea, but there are plenty of them out there to catch. Small businesses tend to make the best targets because they often fail to perform security audits, they may not be willing to invest in the resources needed to protect themselves, and they frequently don’t even carry the right insurance coverages. To hackers, small businesses are easy prey.
“Don’t think you are too small to be affected,” says Erik Knight, the founder and CEO of SimpleWAN. “Every place you have an employee or office is a potential entry point. Take it seriously; if you have something worth taking, a hacker will try to take it.”
https://www.forbes.com/…
There are a few things every business can do to improve the security and privacy of their data. It isn’t an option any longer; these are essential elements in an overall security strategy that can make the difference between staying in business and not.
Use strong passwords, not easy-to-guess words, phrases or sequences (1234 is not a strong password). Passwords should be unique, more than 8 characters in length, and have a mix of numbers, letters, and special characters.
Keep software updated. Whether it is the operating system on your computer or the software you use to write letters, having up-to-date software matters. Developers don’t just upgrade software to fix bugs or introduce new features; software often gets updated because of security issues or vulnerabilities.
Keep networks and connected devices secure to make sure that the computers and connections aren’t introducing weaknesses into your system. Not only are password controls and software updates needed, but firewall security and good anti-virus/anti-malware solutions are also a must. Keeping an eye on the server matters, but the connecting points and end points are where many vulnerabilities exist.
Set up two-factor or multi-factor authentication to further secure logins. 2FA and MFA is like having ID besides just your driver’s license to prove you are who you say you are. Your password, like your DL, is just one factor; you need one more thing to prove your identity for 2FA, like a code from your phone or maybe your fingerprint. The point is that there should be more than just a username and password to access important data.
Restrict use of personal email or social media on work devices. This gets a little trickier with smaller businesses, as many don’t or can’t support providing users with all company-owned devices. There are tradeoffs to allowing users to bring their own devices (byod) versus using company-owned devices. When mobile devices are part of the mix along with desktop and portable computers, it becomes even more complicated and the risk potential increases.
Use encryption for data in transit and data at rest. Encryption is like scrambling the data and then unscrambling it when you access it. In transit, data may be encrypted by a VPN so that it is protected over the wire (in motion) as it is sent and received on the network. RDP is also encrypted, but this remote access method’s main purpose is to keep the data from leaving the server in the first place. At rest, like when it is sitting on a hard drive or other storage location, data can also be encrypted. To open the file or file system, you need a key to decrypt it.
Keep all data backed up and create a way to rapidly recover your server and systems in the event of failure or compromise. Backups are great right up until you find they are as damaged or unrecoverable as your main system, so make sure to have a policy of testing your backups periodically. There are many ways to back up and protect your data, including external drives and cloud storage. If data gets lost or corrupted, you want to be able to restore it from a backup. Regularly audit your backup and data security practices to help identify weaknesses that make the business vulnerable.
Educating employees on the importance of cyber security is among the most important steps a business can take to protect itself. Keeping passwords secure and secret, knowing how to spot a phishing email and what to do and not do with it, not clicking on suspicious links in emails, not sharing personal or confidential information online, and what to do in the event of a breach are all things that should be regularly discussed with workers and supported by written policies.
Managed Azure cloud servers from Noobeh help you keep your business information more secure. Our services demand high levels of security and privacy, and we help our customers keep their data and systems safer and more secure by handling some of the requirements for them.
- Strong password policies and MFA is our standard setup, and software updates and patching are part of the service.
- Working on the cloud server keeps data on the server and not traversing the network or downloading to individual PCs, so information stays secure and separate from whatever a user runs on their local devices.
- Data on the Azure virtual machines is encrypted at rest, and additional encryption is available to add more layers of protection. Data in motion is encrypted, but very little data actually traverses the wire.
- Servers and data are backed up regularly with snapshots and file level backups, allowing for simple file restores as well as comprehensive system recovery.
For small businesses, Noobeh has the solution for creating a more secure and better protected IT environment where applications and data can be available to those who need them without compromising the investments already made in training and process development. Moving software and data to a private cloud server allows companies to continue using the software they rely on, just in a better way. Instead of being easy prey to hackers, our customers benefit from higher levels of IT administration, management and protection that empowers them to work the way they need to – any time, anywhere.
Make Sense?
J
Cooper Mann Company 