A Security Reminder for Insane Times
We took note of the laptop theft stories from the January 6th attack on the Capitol. A perceived sense of security left the IT assets and information of the US Congress vulnerable.
Let us use this experience to remind small business owners to protect their own IT assets. Small and mid-sized businesses often do not have the time, budget, and expertise to defend criminal attack, be it theft or cybercrime. With more threats of violence and property destruction, now is a good time to review your business security protocols, specifically those concerning your IT equipment and policies.
Protect Your Physical Assets
Let us assume that armed insurgents are not storming your business location. However, an everyday criminal may see your company as an easy target. Protect computers and other technology by keeping them in a secure location. Implement a clean desk policy to ensure that computers are logged off networks and documents are stored securely to safeguard sensitive and confidential data. If you dispose of any data or equipment, make sure you do so properly and securely by shredding, burning, pulverizing, or wiping, as necessary.
Evaluate Your Physical Space
Take advantage of your local law enforcement resources. Inquire if they are willing to do a security review for easy access points or other security weaknesses that may allow a criminal to gain entry to the premises or gain access to sensitive areas and equipment.
Limit Administrative Access to Trusted It Staff and Key Personnel
Fewer knowledgeable people equal a stronger security system. Passwords protect computers and other network equipment. Restrict third-party access to the network. Physically lock your server in a secure location to eliminate unauthorized access or removal. Use strong authentication procedures (consider multi-factor authentication) to limit access to data.
Educate Your Employees about Security
Your employees, in many ways, are your first line of defense as users of your systems. Provide routine security awareness training to them. Explain your security protocols and, most importantly, enforce them.
Employ Network Security Protocols
Network security protocols are the protective measures that use computer networks to detect, monitor, protect, analyze, and defend against network infiltrations. It starts with using proper networking equipment, such as firewalls, to impede network access, but there are many other things you want to include to protect yourself from cybercrime: intrusion detection and prevention tools, virtual private networks, updated software, malware, virus, and spam filtering. Your IT firm can help you identify the appropriate measure to take, given your business model.
Test Your Security Plans
Perform “penetration tests” on a regular basis. This is where you, or your advisor, attempts to penetrate your network to test your defenses. You should also plan to conduct an independent security review at least once a year, depending on the size and scope of your technology.
Business owners may never have complete peace of mind when it comes to IT. Cybercriminals continually try to devise new ways to breach security defenses. Keeping up to date with the latest threats and re-visiting vulnerabilities will be a constant challenge. Remaining vigilant enables businesses to adjust defenses and fend off criminal endeavors.