12 May Network Security Checklist for Small Businesses
When discussing network security for small businesses with a potential client, as an Orange County IT support company, we often find one or more items from our checklist forgotten. Securing your business’s network is one of the most important things you should consider. Use this checklist to determine if your company is opening the door to a potential attack.
Use a hardware firewall
It’s not often we see this one left out or forgotten, but it does happen from time to time. A hardware firewall can protect your company’s vital information from intruders on the outside. It’s easy to be complacent about a hardware firewall if you feel like your business is too small for any attackers to want to access. That assumption could be costly. Most malicious activity is not necessarily targeting your specific network; attackers are just sniffing the air for a potential way in, much like a burglar who tries various doors in a neighborhood until they find one that is unlocked. It’s not that the burglar was looking for a way into YOUR house, it’s that your house happened to be open to the attack.
Create a human firewall
A human firewall is just as important as a hardware firewall. The human firewall consists of educating your employees on scams, viruses, and malware. Most company security breaches occur because of employee error, whether it’s that email that just looked SO LEGIT, or the big error message on the screen telling them they already have a virus and need to download this tool to remove it NOW! If you don’t educate your employees about the potential dangers online, and the typical ways attackers try to get them to respond, you will open your network up to potential issues.
Create an agreement
Along the lines of helping educate employees and creating a human firewall, you should make sure they agree to certain security protocols. This is one that is often overlooked, but incredibly important. Many employees are bringing their own devices and utilizing them to access company data. Employees need to be aware of the potential risks this can bring. When someone has sensitive email information or even CRM data on their phone, a loss of that device can put the information in the wrong hands very easily. Two of the most important items that can go in this signed agreement are a requirement for employees to password-protect any mobile devices that have access to business information, and a requirement that they report loss or theft of those devices immediately. When a loss is reported in a timely manner, an administrator can remotely wipe the device to protect company data.
Have password policies in place
Nothing gets more complaints than a company’s password policy. Trust us. It’s extremely important to have a secure password and to change that password often. At least 8 characters, requiring upper & lower case letters, numbers and symbols is a great start for a password requirement. The longer the character requirement, the more secure the password will be. Also, in your security policy agreement (listed above), you could have a requirement to NOT write the password on a post-it note and attach it to any surface of the desk or computer. Yes, this is a pain since you have to type it in at least on a daily basis, but if your password is password123, it’s not a question of IF you will get hacked, it’s when.
Use multi-factor authentication
Passwords are becoming less and less secure as we move into new technology. Multi-factor authentication usually combines something you know with something you have. You can have a key fob with a changing code plus a password, or a service that sends your phone a code plus a password. When both are in use, it is harder for someone to access your account, since they don’t have the second piece of the puzzle. Utilizing multi-factor authentication is a great way to keep your company’s data secure. Any cloud services your company uses should have multi-factor authentication turned on.
Back up your data
We won’t even go into the time a company we know about had to spend $11,000 in data recovery because they hadn’t had a good backup of their company’s files for at least 6 months. A good backup can really help with security as well. If someone accidentally installs malware that disables all of the files on your network (which we have seen happen), instead of trying to fix the attack, you can just restore all the files from the most recent backup and be back up and running in no time.
Use antivirus software on all devices
Protecting your devices from threats is an essential part of keeping your network secure. Utilizing an antivirus program that continues to update its threat definitions and database is non-negotiable. It should be a trusted platform and should be installed on all devices, including Apple devices and smartphones. We know that Apple tries to tell you that its devices do not get viruses, but we assure you that they can and will. As the number of Apple devices in corporate environments has risen, so has the number of threats that have become successful on the operating system. All devices on the network should be running a program that can detect and remove these threats.
Keep your devices up to date
When companies that create operating systems, like Google, Apple and Microsoft, release an update, it shines a big light onto the security hole that the update has just fixed. Attackers will use this information to create new threats that exploit this security hole. Any devices that have not been updated will be vulnerable to the attack. The attacker is banking on people not running the updates to make their attack successful. It is a tactic that has been successful for them hundreds of times, and they will continue to use it. The easiest way to protect your network from these attacks is to keep all of your devices up to date.
Hopefully, your business has passed the test and is already doing all of these things. If not, it is definitely past time to get started!