With the regular media coverage of virus outbreaks, fraudulent email scams and state-sponsored hacking, getting the message out about the importance of IT security isn’t an issue. The majority of businesses understand they need their IT infrastructure to be secure and resilient to attack, but how do you get there?
If you work for a large business, chances are you have a team dedicated to IT security, but with 99% of businesses in the UK being in the SME category there’s a huge number unprotected. Here are our 5 top tips for securing SME IT.
Simple, keep it up to date...? Wrong. Virus protection goes beyond that. You need to trust the vendor. It’s no good downloading and installing virus protection from the internet, assuming that because it has a few good reviews and looks legitimate it’ll work. Reviews are really easy to fake and virtually anyone can make a website. When choosing antivirus for your computer, go with a trusted source and get reviews from multiple sources.
Not so long ago most SMEs would have a server in their office supplying their email, contacts and calendars. Here at Fresh Tech we’ve installed countless Microsoft Exchange, Kerio or even Apple mail servers over the years. This practice is getting rarer and rarer now and in an SME environment it’s hard to see any reason to host email internally.
Hosting communications externally with either Microsoft O365 or Google has huge benefits but chief amongst these is security. Both these companies take security as a top priority and have large teams of experts ensuring their systems are as secure as possible.
This is one of the most overlooked security practices but is vital. An uneducated staff member with privileges can wreak havoc on your systems or drain your bank account. It’s an alarmingly common occurrence for a staff member to send money to a fraudster’s bank account simply because an email that looked like it was from their boss told them to.
The relatively simple solution to this is to train staff on IT security. Teach them what to look out for and set up systems to catch the common threats. Put in place procedures to plug the holes and provide a dedicated contact staff can question about anything they suspect might not be legitimate.
Do you have a list of passwords for common services on your network somewhere? Do you simply add an extra number each time you’re asked to change your password? Is your password specific to you? Perhaps your street name with the birth year of your son or daughter? If you said yes to any of these then you’re not alone. In fact, this describes most SME businesses and people.
Passwords are the scourge of the computer age but with retina, fingerprint and face scanning hopefully it won’t be too long till they’re a thing of the past. Until then though I’m afraid you’re going to have to live with them.
First of all write a password policy and enforce it. Get rid of any document that has passwords in plain text on your network. Never send passwords over email. This goes for other sensitive information. Think of email as sending a postcard. If you wouldn’t put the information on a postcard then don’t put it on an email. Set passwords to expire after no longer than 6 months.
Taking advantage of a single point of security is a really good way to enhance security. Here at Fresh Tech we’re a JumpCloud partner. JumpCloud can provide each of your employees a single password for all of the services they use.
A security audit of your IT setup is a really good idea. It’ll point out holes and suggest how to plug them. We provide a penetration test with our audit in which we’ll use common techniques to gain access to your infrastructure to test its resilience.
This is less preventative and more a mitigation point but is just as important. Have a plan for if your IT does succumb to attack. If your website is being subjected to a DDoS attack, what do you do? If a rogue staff member steals information from your company, what are your next steps?
We have a template we use here at Fresh Tech which has “Risk”, what might happen and “Plan”, a series of procedures to follow if it does happen. It’s a really simple process and thinking about it before anything happens is infinitely better than after the fact.