With so many high-profile computer cracks in the news, small business owners are increasingly concerned they may be next. The problem for many of these companies is they have no idea what kind of attack they might be facing and they certainly don’t have a plan to address it should it occur. When the subject of possible expense arises and business owners find it is one of the few alternatives to the potential liability of a major security breach, it’s understandable if some of those owners just throw their hands up in despair. Since this is hardly an option for owners who want to be successful, the following strategies can be used to improve any small business’ cyber security.
Patch Your Systems
Every major operating system, including those for mobile devices, tablets and phones has an automatic update system in place. At intervals no less frequent than once a week you should make sure every device and computer attached to your network has been patched and updated. Machines that cannot be patched or updated for whatever reason should be disconnected from the network for security.
Use a Secure Operating System
Generally speaking, operating systems not designed for enterprise use are less secure than those meant to be used by large companies. While they are capable of many of the same functions, their architecture and design leave them with basic security issues that are very difficult to fix without enormous investments in time and additional software. Much better to use the right tool for the job. If in doubt, contact the manufacturers of each system and ask for advice on what to use if you are interested in a secure network.
The most popular security problems usually revolve around either insecure passwords or network security credentials that are not updated often enough. A good password policy should be part of your employee security training program. Explain how to construct a good password and also introduce the tools necessary to manage each employee’s passwords on your system. This will solve a large number of security problems before they ever become problems.
Focus on Training
The greatest security program in the world can be thwarted utterly by a single untrained employee. It is absolutely vital you make sure your employees are trained and re-trained on both basic security practices and what can be expected from attackers. Consider hiring a security consultant with an online master’s in criminal justice to train your employees on how to recognize the tactics used by cyber criminals to steal data. Only through the combined efforts of everyone at your company will you have a chance to overcome the potential for inadvertent mistakes.
Turn Off Unused Services
If you have systems on-site or at a network operations center that are running either patched or un-patched services you don’t need for your company’s operations, shut them down. One of the easiest ways for an intruder to attack a network is through a service running on one of your public-facing servers that you are either unaware of or don’t need.
Network security is a challenging task, and the only way to approach it properly is to make sure you have all the information you need before you start building a policy to protect your systems. These steps are a good start.