Protecting your small business against cyber threats is getting harder every day; it used to be that having a good anti-virus program installed on your computer was all you needed.
Now you also have to worry about web security, email security and network security, not to mention physical security and social engineering. Things have become much more complicated.
Attacks come in many forms. At the moment the most common route is the web: an attacker compromises a popular website and embeds malicious code in it, so that when you visit the page that code tries to exploit vulnerabilities in your browser or operating system (a so-called drive-by download). If it succeeds it may gain control of your computer, use it to infect others, send out spam, and so on. Or you download something you want and, along with it, get something you didn’t want and didn’t notice being downloaded at the same time, such as malware bundled into an installer.
There are so many threats out there, from spyware, viruses and Trojans to internet scams to disgruntled employees trying to get into your systems, that it can make your head spin trying to protect yourself from all of them.
So here are a few of the most basic things you can do to protect yourself:
1. Use strong passwords and change them regularly – this is probably the simplest thing you can do to stay safe, and the one most often overlooked. A strong password is long, is not a dictionary word or anything guessable from your public profile, and is never reused across systems, so that one stolen password does not open everything else. Change a password immediately if you suspect it has been exposed.
2. Keep applications updated – most applications prompt for updates every so often; simply accepting the update closes known holes and keeps you a little safer.
3. Patch the operating system – this keeps your servers and workstations protected against exploits for known vulnerabilities; even if you land on a malicious website you are far better off if your OS is fully patched. Turn on automatic updates wherever you can.
4. Install good anti-virus and anti-spyware tools and keep their signatures current – this protects you when someone emails you an infected file, or when something is already lurking on your network.
5. Network security – use a good firewall and make sure every device on the network (firewall, switches, routers, wireless access points, etc.) is properly configured: default passwords changed, web management interfaces moved off their default ports or reachable only from the internal network, latest firmware installed, and so on. This includes wireless security: put the wireless network on its own segment (for example a DMZ) rather than directly on the internal LAN, and use strong encryption (WPA2, never WEP or an open network).
6. File access control – apply it on server shares so users have access only to the shares and folders they really need, and keep confidential information accessible only to the people who need it. Grant rights to groups rather than to individual users, and review the permissions whenever someone changes role or leaves.
7. Physical security – this is the most overlooked of all. You can protect everything else, but if anybody can walk up to your systems, sit down and have at it with no questions asked, your information can be stolen or your systems infected very easily. Physical security includes an automatic screen lock after a period of inactivity on desktops and servers, a locked server room with access limited to IT staff, good battery backups (UPS), and perhaps a policy against personal laptops on the company network, since they can introduce viruses or other malware to your systems.
8. Safe internet usage practices for staff – train your staff not to open emails from people they don’t know (especially attachments), not to accept file transfers over instant messaging tools, and to report anything suspicious; where possible, restrict social networking sites and personal browsing on company computers.
9. Back up your systems and data – this means backing up regularly, testing that the backups can actually be restored, keeping copies offsite, and checking that the backup jobs are running properly. A backup you have never restored is not a backup you can count on.
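As an added example for point 6 (this is not code from the original post), the script below locks a shared folder down to one group and then audits a share tree for anything readable by every account on the server. It assumes the share is a directory on a Linux or other Unix file server (on Windows the equivalent is the folder's NTFS permissions, set through the Security tab or icacls); the group and path names are made up for illustration.

```shell
#!/bin/sh
# Added example for point 6 (not from the original post). Assumes the share is a
# directory on a Linux/Unix file server; group and path names are made up.

# restrict_share DIR GROUP
# Make DIR (and everything under it) usable only by members of GROUP:
# owner and group get read/write, everyone else gets nothing.
restrict_share() {
    dir="$1"; group="$2"
    chgrp -R "$group" "$dir" || return 1
    # Capital X grants execute (directory "search") only on directories and on
    # files that are already executable; o= strips all permissions from others.
    chmod -R u=rwX,g=rwX,o= "$dir" || return 1
    # setgid on directories: files created later inherit GROUP instead of the
    # creator's primary group, so the restriction survives day-to-day use.
    find "$dir" -type d -exec chmod g+s '{}' + || return 1
}

# audit_world_readable DIR
# List every file or directory under DIR that any account on the server can read.
audit_world_readable() {
    find "$1" \( -type f -o -type d \) -perm -o=r | sort
}

# count_world_readable DIR
# The same check as a number, handy for a cron job that alerts when it is not 0.
count_world_readable() {
    audit_world_readable "$1" | wc -l | tr -d ' '
}

# Demo on a constructed sample share (not real data).
demo=$(mktemp -d)/finance
mkdir -p "$demo/payroll"
echo "salaries" > "$demo/payroll/2024.csv"
chmod 644 "$demo/payroll/2024.csv"   # the classic mistake: readable by everyone
echo "before: $(count_world_readable "$demo") world-readable item(s)"
restrict_share "$demo" "$(id -gn)"   # in real life: the finance group, not your own
echo "after:  $(count_world_readable "$demo") world-readable item(s)"
```

The audit is the part worth scheduling: permissions drift as people copy folders around, and a nightly run of count_world_readable against each share catches the drift before an outsider or a disgruntled employee does.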
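As an added example for point 9 (again not code from the original post), here is a backup routine that does the part most small businesses skip: after writing the archive it records a checksum, then proves the backup is restorable by extracting it to a scratch directory and comparing the result with the source. The directory names and the tar.gz format are assumptions; the same check applies to whatever backup tool you use.

```shell
#!/bin/sh
# Added example for point 9 (not from the original post). Paths are made up.

# make_backup SRC_DIR DEST_DIR
# Write DEST_DIR/<name>-<timestamp>.tar.gz plus a .sha256 file; print the archive path.
make_backup() {
    src="$1"; dest="$2"
    mkdir -p "$dest" || return 1
    archive="$dest/$(basename "$src")-$(date +%Y%m%d-%H%M%S).tar.gz"
    # -C so the archive holds relative paths and can be restored anywhere
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    # The checksum lets a later run (or the offsite copy) be checked for
    # corruption or tampering without having to extract it.
    sha256sum "$archive" > "$archive.sha256" || return 1
    echo "$archive"
}

# verify_backup ARCHIVE SRC_DIR
# Return 0 only if ARCHIVE still matches its checksum AND restores to an exact
# copy of SRC_DIR. Run it right after make_backup, before the source changes.
verify_backup() {
    archive="$1"; src="$2"
    # 1. integrity: does the archive still match the checksum taken when written?
    sha256sum -c --status "$archive.sha256" || return 1
    # 2. restorability: extract into a scratch dir and compare with the source
    tmp=$(mktemp -d)
    if tar -xzf "$archive" -C "$tmp" 2>/dev/null \
       && diff -r "$src" "$tmp/$(basename "$src")" >/dev/null; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Demo on a constructed sample directory (stand-in for real business data).
demo_src=$(mktemp -d)/sample
mkdir -p "$demo_src/accounts"
echo "invoice 1" > "$demo_src/accounts/inv1.txt"
demo_archive=$(make_backup "$demo_src" "$(mktemp -d)")
if verify_backup "$demo_archive" "$demo_src"; then
    echo "backup verified: $demo_archive"
else
    echo "BACKUP FAILED VERIFICATION: $demo_archive" >&2
fi
```

The test restore is deliberately a full extraction and recursive diff rather than a listing of the archive: a listing proves the archive was written, not that its contents come back intact. Copying the archive and its .sha256 file offsite and running the checksum step there covers the "keeping copies offsite" part of the point.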
There’s much more that can be done, but these are the most basic steps every small business should be looking at to keep their company information and systems safe.