7 steps to boost business data security
There’s no doubt that in 2016 we are all going to hear an awful lot about security. It will be referred to endlessly as ‘cyber’ security, but that’s a bit misleading these days, when many aspects of most people’s lives and businesses are linked to the internet one way or another. Really, it’s all just ‘security’.
However it’s described, that shouldn’t diminish the importance of the topic. There’s a good reason we’ll be hearing a lot about it: it’s an area of life that cannot be left to chance any more.
Various Government agencies and departments, the police, local authorities and business organisations are all going to be talking about this and trying to make sure everyone is educated. When your identity, bank accounts, driving qualifications (and penalties), benefit entitlements, pensions and tax affairs (to name but a few) are all online, you can no longer afford to be relaxed about using your pet’s name as your main password. That’s the online equivalent of leaving the car unlocked and the keys in the ignition.
For businesses a loss of data can be devastating, especially when proper backup and restore procedures are not in place.
It’s a big topic, which we at Bespoke Computing talk a lot about – but hopefully now you can see that’s for good reason!
Online Security in Your Hands
Fortunately, there are a handful of things every business can do to begin putting itself on an almost instantly safer footing. It’s a topic you should try to stay on top of, but start with these seven points if you want to get to grips with your security:
1. Educate people – It seems obvious, but your weakest point is the person who doesn’t follow good practice or use their sense when it comes to protecting logins and the data needed to carry out day-to-day work. Instill good habits from the day you hire someone and make it part of the culture for everyone.
2. Scan for vulnerabilities – You can bet that any system you have connected to the internet, from shared databases to your website, is being probed by the bad guys on a daily basis. As soon as they find a weakness they could very quickly be stealing your data, wreaking havoc or holding you to ransom! Get ahead of the game by carrying out your own scanning using available tools. If you’re not confident, get the experts to do it for you.
3. Patching and updating – Software and hardware don’t stand still. New risks emerge or security holes are found, and the makers create fixes for them. You need to be on top of downloading and applying those fixes because attackers are always quick to exploit the holes once they become public. There’s a caveat to this one though: if it’s a major version change of software, rather than just a patch, you might be wise to seek advice first on business-critical systems.
4. Get behind multiple layers of malware defence – Harmful software and websites can get into a system in a range of ways, from opening an email attachment (which accounts for 40 per cent of all infections alone) to visiting a malware-laden website or following a link in an email to a bad site. Having anti-virus software that is kept up-to-date is important, but it should be part of a multi-layered approach. When combined with an email scanner and solid web filtering, you should be protected from most issues. Think of an onion – with layers to be peeled back before you get in!
5. Restrict administrative rights – An amazing 97 per cent of critical vulnerabilities can be guarded against by removing admin rights from users who really don’t need them! In fact, that’s true of 99.5 per cent of the risks associated with Microsoft’s Internet Explorer browser and 80 per cent of vulnerabilities in the wider suite of Microsoft products, which we probably all use to some extent. The quick test: if you can install new software without being asked for a password, you have admin rights. Anyone who has this level of access without needing it is leaving you with a gaping security hole, but it’s disturbingly common that this is the default setting.
6. Make daily backups and check them – Often we find that people consider that backing up their work to a set of disks is enough, but it really isn’t. You need multiple backups, across a planned timeframe. They should run automatically and be stored in varied locations, including off-site and perhaps with an online storage provider. Make sure someone is responsible and the backups are actively maintained. It certainly takes the sting out of a ransomware attack if you can restore to yesterday’s data (or even more recent) because you are prepared!
7. Ask for help – There’s no shame in not being sure whether you’ve got all of your IT security bases covered. If you have had an honest look at the previous six points and addressed them as well as you can, or determined that you’re not equipped to handle them in-house, talk to the experts. At Bespoke Computing we’re passionate about making sure businesses are safe online, so we don’t make it complicated and only provide what’s needed. Just don’t leave it until it’s too late; much easier to have this in hand than to deal with the consequences!
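One way to automate the "check them" part of point 6, as an added example rather than anything from Bespoke Computing: the script confirms that every backup location holds a copy made within the last day and that the newest copies in each location are byte-identical. The one-archive-per-run directory layout, the 24-hour threshold and the function names are assumptions made for illustration.

```python
import hashlib
import time
from pathlib import Path

MAX_AGE_HOURS = 24  # assumption: "daily" means the newest copy is under 24 h old


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_backups(locations, now=None, max_age_hours=MAX_AGE_HOURS):
    """Return a list of problems; an empty list means every check passed.

    locations: backup directories (hypothetical layout: one archive per run).
    """
    locations = [Path(loc) for loc in locations]
    if not locations:
        return ["no backup locations given"]
    now = time.time() if now is None else now
    problems, newest_hashes = [], {}
    for loc in locations:
        files = [p for p in loc.glob("*") if p.is_file()] if loc.is_dir() else []
        if not files:
            problems.append(f"{loc}: no backups found")
            continue
        newest = max(files, key=lambda p: p.stat().st_mtime)
        age_h = (now - newest.stat().st_mtime) / 3600
        if age_h > max_age_hours:
            problems.append(f"{loc}: newest backup {newest.name} is {age_h:.0f}h old")
        if newest.stat().st_size == 0:
            problems.append(f"{loc}: newest backup {newest.name} is empty")
        newest_hashes[str(loc)] = sha256_of(newest)
    # Copies of the same run held in different places should be byte-identical.
    if len(set(newest_hashes.values())) > 1:
        problems.append("newest backups differ between locations: "
                        + ", ".join(sorted(newest_hashes)))
    return problems


if __name__ == "__main__":
    import sys
    issues = check_backups(sys.argv[1:])
    print("\n".join(issues) if issues else "all backup checks passed")
    sys.exit(1 if issues else 0)
```

Matching hashes show that the copies agree with each other, not that they restore; a periodic test restore is still needed.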