Properly maintained IT security is necessary for the modern business. If your business utilizes email, connects to the Internet, or has employees that use mobile devices like smartphones and tablets, you need to have solid IT security in place. The following covers a lot of common elements required to protect your data and reputation. Keep in mind, depending on your industry, there may be additional compliances and regulations you need to follow.
Over the past two decades, IT technology has altered the business topography making it easier to produce, collect, and collaborate on data. However, the use of modern-day, internet-connected equipment for any purpose opens your business up to threats. Whether you simply use email for business correspondence, or your point-of-sales solution integrates with your website’s ecommerce system, protecting your data and infrastructure from online threats isn’t something you want to skip.
Without going too deep into the nerdy details of cybersecurity, let’s take a brief look at where the world is at so far:
Of course, these are all the big names we’ve heard in the media. Smaller companies don’t get the same publicity (thank goodness), but smaller companies are actually at a higher risk because they tend to have little to no defense. While a criminal organization might like to steal the data of 56 million customers from Home Depot, several hundred records from a small business can be done in a fraction of the time.
The points to take away from this are that cybercriminals are becoming smarter and more organized, and that it doesn’t matter how big or small your business is.
To protect your business today, it takes several different approaches. There’s no single answer or software to purchase that will protect you from each type of risk. However, that doesn’t necessarily mean that throwing money and solutions is going to protect your assets.
Beyond the security measures in place, a sense of awareness needs to come into play. You and your staff need to keep security top-of-mind, and rely on an IT security consultant when questions arise.
Let’s start with the basics - the solutions on your network that should handle the heavy-lifting of your IT defense plan.
While data backup isn’t really a preventative security measure, it is a major player when it comes to your security plan, as well as a fundamental piece of your business continuity plan. A managed, properly monitored backup solution is basically the last line of defense. If all else fails, at least you can restore your data. It should be hoped that you never need to come down to this, because if you are compromised, much of the damage is already done, but if you are compromised and your data is gone, there’s little chance of survival.
Your backup solution should store data securely offsite, and backups should be ran regularly, several times per day. Other features to look for in a good backup solution would be fast restore times (image-based backups instead of file backups), versioning, and virtualization capabilities.
A staple of traditional IT security, having antivirus properly installed and managed across your entire network will prevent the millions of different viruses and basic threats that cause computer downtime and other issues. Antivirus isn’t going to prevent more targeted attacks, but all businesses should have it in place.
Although there are plenty of great free antivirus solutions for home users, your business will want a solution that is centrally deployed and managed to ensure virus definitions and other updates are always in place, and that scans are ran regularly.
Equipping a centrally controlled firewall will block incoming attacks. Not to be confused with the software-based firewalls that piggy-back on many antivirus suites, a business-class firewall typically sits on your network between your other devices and the wild Internet.
As mentioned before, email is one of the main ways threats get into your business. Although most email clients have decent spam filtering, junk email is still getting into your organization. Utilizing a separate spam filter solution blocks these threats from getting delivered.
Unsecure Wi-Fi can give a user full access to your network and your data. Although this only opens you up to localized threats (the user has to be within range of your company Wi-Fi), ensuring that your routers are locked down and secure is a best practice. Many modern routers have this functionality built-in, it just needs to be properly configured.
Data theft is a huge problem when traveling. Wireless hotspots, like those found at airports, coffee shops, and hotels can be very insecure. Hackers can easily intercept your data without your knowledge. A VPN (Virtual Private Network) solution lets you access your company files and applications securely without transmitting sensitive data. This also means that sensitive data doesn’t need to be stored on the device.
With the widespread usage of devices like smartphones and tablets, employees are becoming much more likely to use these devices for work. This can improve communication, collaboration, and productivity, however there are downsides certain precautions aren’t put into play. Your organization needs to develop a BYOD (Bring Your Own Device) policy with specific rules corresponding to the storage and transferring of company data on personal mobile devices. These policies need to be read and understood by all employees, and enforced by the organization.
While you don’t want to be so strict that you prevent engaged users from utilizing their own smartphones or tablets for work, you need to enforce the protection of your data (and your clients’ data). Setting up the ability to remotely wipe a lost or stolen device, or revoke the access to company email if the employee quits is a good start, while establishing document management solutions like cloud hosting or a VPN provides even more incentive to follow best practices.
Depending on your business, there may be other regulations and compliances that you need to meet. It’s best to cover these on a case-by-case basis, as each regulation will have very specific requirements. We highly recommend you reach out to the IT security experts at Out of the Box Solutions for an evaluation.
What good is a smoke detector if the batteries are dead? The same goes for IT security that isn’t properly managed, kept updated, and regularly tested.
Don’t wait for a security breach or data loss to start thinking about IT security. To get started, and to find out what it would take to establish the solutions found in our fundamental IT defense plan, give us a call at 800-750-4OBS (4627).