With huge data breaches making headlines on a regular basis, it’s hard to ignore the fact that data security is becoming ever more important for business owners and those managing IT and intellectual property. Unfortunately, there are still far too many organisations that don’t understand just how serious the threat is – both financially and to their reputation – nor how active and regular these attacks are.
Recent research demonstrates that the growing cyber security threat isn’t only affecting big, national companies. It’s just as serious – if not more so – for small businesses to be prepared because data breaches and cyber attacks are very real possibilities for them. According to the Government’s Cyber Security Breaches Survey 2016, 65% of businesses report being the victim of a cyber attack in one form or another in the past year, and the number of data breaches reported each year continues to climb at a staggering rate.
It’s worth remembering that cyber attacks don’t just come from faceless hacking groups in remote geographic locations, but also from current and former employees. Therefore vigilance in this area is particularly important.
Bad habits are hard to break, and that’s especially true when it comes to small businesses and cyber security. It is, after all, easy for SMBs to ignore cyber security and instead just think, “that will never happen to me”. However, as with most security issues in IT, there are a number of simple things that you can do to help close the doors that are often left open unnecessarily.
1. Password Management tools
With so many passwords to remember and the requirement for passwords to be more complex, some people opt for recording passwords on Post-it notes, which is obviously a very easy route to a breach!
2. Keep operating systems up to date
Being able to identify the operating systems for all your machines and servers is really important. We still see clients utilising Windows XP-based desktops/laptops and also a number of Windows 2000 and Windows 2003 Server-based machines. The issue with running these older operating systems is that Microsoft no longer creates security updates for them, despite the machines remaining as targets for hackers.
3. Keep your firewalls up to date
Your company firewall may have been installed a number of years ago. Of course any firewall is better than no firewall, but the threat landscape is evolving all the time. If your firewall isn’t being updated on a regular basis or replaced with a more feature-rich appliance, then you won’t have the tools in place to protect you.
4. Put a password policy in place
We’ve seen it happen with so many clients: an employee needs access to something from their colleague’s machine, so they shout across the office to request a login, which is given freely and publicly. Likewise, when an employee leaves, his or her colleagues still know the passwords despite the login account being disabled.
5. Get an EPP (Exit Policy Procedure) in place
Unfortunately, notifying IT every time an employee leaves is not often seen as a priority. The consequence is that we don’t close off the employee’s account, effectively leaving the technical door open. The danger is that the former employee still has access to their emails, data on the server, and to cloud-based applications such as Salesforce etc. Considering that they may have gone to a competitor, this could cause you real issues. Moreover, not all employees leave on the best terms, making it all the more important that the door is closed and firmly locked against re-entry!
6. Keep your Anti-Virus up to date
Clicking 'Remind me later'... It's a very common bad habit for staff who have anti-virus on their machine. The only problem is that if you let your staff keep clicking it, you will soon be at risk from the constant stream of new viruses that are introduced. Manage it centrally and push updates out so that all your machines stay safe!
7. Get a BYOD (Bring Your Own Device) policy in place
We're seeing an ever-increasing number of customers allowing employees to bring their own machines to the office, which means they’re not proactively managed by us and we cannot be certain Anti-Virus is installed and working. If an infected machine is put on your network, chances are it won’t take long for the virus to spread across the network and disrupt access to your files and applications.
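
For the exit procedure in step 5, one way to confirm the door really is closed is to reconcile HR's leavers list against account exports from email, the file server and cloud applications. The Python below is an added example, not part of the original article; the CSV layouts, column names and the `find_open_doors` function are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR leavers list and a combined account export.
LEAVERS_CSV = """email,last_day
alice@example.com,2016-05-31
bob@example.com,2016-06-10
carol@example.com,2016-07-29
"""
ACCOUNTS_CSV = """system,login,enabled
email,Alice@Example.com,false
salesforce,alice@example.com,true
file-server,bob@example.com ,yes
email,bob@example.com,no
email,carol@example.com,true
email,dave@example.com,true
"""

def _key(login):
    # Exports rarely agree on case or padding, so normalise before matching.
    return login.strip().lower()

def find_open_doors(leavers_csv, accounts_csv, today):
    """Return (email, system, days_since_left) for every account that is
    still enabled although its owner's last day has passed."""
    left = {}
    for row in csv.DictReader(io.StringIO(leavers_csv)):
        left[_key(row["email"])] = date.fromisoformat(row["last_day"].strip())
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        who = _key(row["login"])
        enabled = row["enabled"].strip().lower() in {"true", "yes", "1"}
        last_day = left.get(who)
        # Skip current staff, disabled accounts and people still working notice.
        if last_day is None or not enabled or last_day >= today:
            continue
        findings.append((who, row["system"].strip(), (today - last_day).days))
    # Longest-open door first.
    return sorted(findings, key=lambda f: -f[2])

if __name__ == "__main__":
    for email, system, days in find_open_doors(LEAVERS_CSV, ACCOUNTS_CSV, date(2016, 7, 1)):
        print(f"{email}: {system} account still enabled {days} days after leaving")
```

Run on a schedule against fresh exports, an empty result is the evidence that every leaver's access has been closed in every system, not just the main login.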