Had a small business for 10 years? Maybe a server stuck in a cupboard in the office? Things were very different back in 2010, and one of the biggest differences is security. Today we will outline 7 tips to secure your business IT systems.
As a business owner you must ensure that your systems are secure but still operationally functional. Security is typically a board-level topic in larger organisations, so blindly trusting your “IT Guy” is not an option.
So, what questions should you ask? Here are the 7 basic requirements to secure your IT. In many cases you can implement them yourself, or you can ask your tech guy to investigate and implement them.
- Multi-factor Authentication (MFA). Everywhere. Put it on everything. It doesn’t matter if you think it has nothing important now, it could in the future. Most applications and SaaS services will force you to set up some sort of second-step authentication. If not – get a better app.
- Strong passwords and a password manager. Get a password manager, and put a strong password and MFA on the account. Then put all the passwords for all your applications in the vault. Make them strong, randomly generated 16+ digit passwords. Sounds like a pain in the ass, right? Make sure the password manager has browser plugins for your favorite browser so it can save, generate and autofill the accounts when you need to log in!
- Security Awareness Training. Get all your staff trained up on how to identify spam. They are the weakest link, hands down. Social engineering is the number one entry point into a network because people are predictably unpredictable.
- Updates for your OS and Applications. This is so simple now on Windows, Mac and all smartphones. Even most applications have built-in updaters, and the more often you do the updates, the less painful and risky it will be to get them done. In January, Microsoft released a patch for a Windows 10 vulnerability that the NSA found and reported – update, update, update.
- Advanced Endpoint Security. Basic antivirus just doesn’t cut it anymore. Malware is being written to be sneakier, so you need a next-gen endpoint security suite that can look at threat behaviors to determine whether something is malicious or not. Slightly customized malware is also becoming more common. With traditional AV, the malware needs to be seen first, then detection and remediation have to be written and distributed. That doesn’t work in 2020!
- Secure Remote Access or VPN. Get a personal VPN if work doesn’t have one. Or if you’re “born on the cloud” – awesome! It’s probably not required, but if you’re travelling abroad it might be a good idea to make sure you’re as secure as possible. There are plenty of options out there; choose one that suits your budget, travel destination and device.
- Backups, the last line of defense. When all else fails, restore from backup. Make sure something is offsite and disconnected from your network, because crypto ransomware will target backups so that you have no choice but to pay the ransom. Keep multiple copies in multiple locations, and make sure you specify the Recovery Point Objective (RPO) to define how much data loss is acceptable.
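
For whoever implements the backup item, here is one way to check a backup inventory against those rules: multiple copies, multiple locations, something offsite and disconnected, and the RPO. This is an added example, not part of the original post; the inventory format, field names and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample inventory; the field names are hypothetical, not from any backup product.
SAMPLE_COPIES = [
    {"name": "nas-nightly", "location": "office", "offline": False, "taken": "2020-03-02T01:00:00"},
    {"name": "cloud-sync", "location": "cloud", "offline": False, "taken": "2020-03-02T02:00:00"},
    {"name": "usb-rotation", "location": "owner-home", "offline": True, "taken": "2020-02-24T18:00:00"},
]

def audit_backups(copies, rpo, now, primary_site="office"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    age = {c["name"]: now - datetime.fromisoformat(c["taken"]) for c in copies}
    if len(copies) < 2:
        findings.append("FEW_COPIES: fewer than two backup copies exist")
    if len({c["location"] for c in copies}) < 2:
        findings.append("ONE_LOCATION: all copies sit in the same location")
    # Data lost in an ordinary restore is bounded by the age of the newest copy.
    if not age or min(age.values()) > rpo:
        findings.append("RPO_MISSED: newest copy is older than the RPO")
    # Ransomware can reach every connected copy, so the copy that is both
    # offsite and disconnected is what remains; its age is the worst-case loss.
    isolated = [c["name"] for c in copies
                if c["offline"] and c["location"] != primary_site]
    if not isolated:
        findings.append("NO_ISOLATED_COPY: nothing is both offsite and disconnected")
    elif min(age[n] for n in isolated) > rpo:
        findings.append("ISOLATED_STALE: newest offsite, disconnected copy is older than the RPO")
    return findings

if __name__ == "__main__":
    now = datetime(2020, 3, 2, 9, 0)  # constructed "current time" for the sample
    for finding in audit_backups(SAMPLE_COPIES, timedelta(hours=24), now):
        print(finding)
```

With the sample inventory and a 24-hour RPO, the connected copies are fresh enough, but the only offsite, disconnected copy is almost a week old, so a ransomware hit would cost far more data than the RPO allows.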
Every business should have these 7 items at some level, wherever possible.