All businesses are vulnerable to cyber-attacks and security breaches. Many, however, neglect to take the time and energy to address obvious concerns. Being proactive in your business technology security may be the most significant thing you do for your organization this year.
Here are five fundamental things you can do this year to improve your business's technology security.
1. Create a Business Continuity/Disaster Recovery plan
Your Business Continuity/Disaster Recovery (BCDR) plan should be documented, communicated to your organization, and tested annually. Testing your plan may involve throwing out simple “what-if” scenarios via a roundtable discussion with all departments. Essentially, this “testing” is making sure your plan could hold up to different hypothetical scenarios. “What if” your system was compromised? Do you know what’s required of you legally from a state and industry regulation perspective? Do you have a data security vendor you could call on in the event of an emergency? Is your cybersecurity insurance up to snuff?
2. Put endpoint encryption on any device that accesses or stores important data
For businesses with Personal Health Information (PHI) or Personally Identifiable Information (PII), endpoint encryption is a must-have. An “endpoint” is a computer or mobile device, and “encryption” is the process of scrambling the data on it so that only people with the proper “key” can view that data. Essentially, endpoint encryption makes data on those devices inaccessible to unauthorized eyes. If the device were ever lost or stolen, the data on it would not be compromised and it would not be a “reportable breach.” This software is cheap and easy to install. In fact, TekLinks offers endpoint encryption software to its clients. To get more information, just email info@teklinks.com.
3. Remove/Upgrade operating systems and applications that are no longer supported by the vendor
When an operating system, application, or piece of hardware is no longer supported by the vendor, it no longer receives security updates and patches. Outdated products like this are a huge vulnerability to any network and should be upgraded or removed from the network as soon as possible. Every day cybercriminals and security researchers discover exploitable weaknesses in systems and applications, so vendors develop patches to address these vulnerabilities. Vendors such as Microsoft, Cisco, and Apple quickly fix these security weaknesses in their supported systems, but they will not fix those issues on systems that are past their “end-of-life” (products which are no longer supported by the manufacturer or vendor). Patching your systems and replacing outdated software/hardware must be a priority.
4. Conduct internal and external vulnerability assessments. Then, get to work
All businesses, regardless of size, should conduct an assessment of internal and external security threats. This is what’s called a “risk assessment.” Upon completing a risk assessment, the security company that conducted it will likely provide a list of recommendations. This list of recommendations is where the rubber meets the road in terms of your “next steps” toward security.
Note: Internal threats are often the most critical and they include employee theft, personal error, inadequate training, and weak points like wireless networks with weak (or no) passwords. Training (and retraining) your employees about the dangers of email specifically can eliminate a significant part of the security problem.
5. Master the fundamentals
In sports, as in security, those who master the fundamentals perform the best. Mastering these four practices will take you far in your journey to business technology security.
- Document: Keep records of who has access to what on your network, and why. You need a system in place to keep track of user accounts and revoke their access when they leave the company or change positions. Service accounts need to be monitored as well and any default passwords changed.
- Limit Access: Vendors and visitors should be limited in what they can do on your network. Create a secondary wireless network that is isolated from the main network which is connected to your corporate infrastructure and data.
- Backups: Regularly backing up your data is a fundamental technology practice. It is very important to make sure those backups happen AND have been tested. Most people assume backups happen 100% of the time only to discover in an emergency that they have been failing for months. The scope of backups should be reviewed on a regular basis to ensure new systems and data have been captured in the backup process. When it comes to backups, never assume…always verify.
- Patch: We mentioned earlier that patches are typically not available for systems beyond their “end-of-life” (no longer supported by the manufacturer or vendor). However, you must patch and update your systems and applications on a regular basis to address new security issues in existing software and systems. Make time for these patches. They’re not glamorous, and, to be honest, most IT guys don’t typically like to do them. But up-to-date patches can prevent 80% of potential breaches. In short, prioritize patching.
According to a recent study, 96% of all companies, regardless of vertical, were breached in the first half of 2014. It’s safe to say that whether it is from employee or vendor error, a virus, or an all-out cyber security attack, your company will experience a breach incident at some point in the future.
Use these five business technology security practices as a starting point to help mitigate the larger threats. Again, these threats are changing all the time, and new devices and software consistently present new threats in the ever-changing landscape of security.
At TekLinks we take the security of your data seriously. To learn more about how TekLinks can help you meet your technology and security goals, email us at info@teklinks.com.
WHO IS TEKLINKS? A national leader in IT security services, cloud computing, managed services, engineering services, and value-added resale. We’re a team of expert techies and business professionals who are passionate about building valuable relationships and getting things done right. Simply put: We make IT work for business. Learn more at TekLinks.com