What does a business need NOW as core to security

Small and medium businesses all struggle with the right balance of security versus functionality. As security increases on a network and its applications, we are reducing the threat of cyber attacks, staff gaining access to the wrong information and much more.

 

As a baseline, businesses need to invest and ensure that they operate the following:

  • A solid centralised anti virus software. Free softwares are not adequate enough in the modern business world. A centralised anti-virus solution enables you to monitor in real-time the activity of all computers on your network and ensure that users have no malware, viruses or activities relating to these active. One-click on a centralised anti-virus system enables you to scan your entire network irrespective of where the users are;
  • Two Factor Authentication. Configuring all users mobile phones to be the second factor of authentication when accessing the office systems, emails and important applications remotely or even whilst in the office ensures that all users are actually who they say they are. It also ensures that anyone with the appropriate credentials attempting to connect to your systems is unsuccessful as they do not have the second factor of authentication – your mobile! This solution also provides significant reporting on user access location which is so important when we talk about general data breaches;
  • Automated Request for Password Change. This should be configured on primary applications and access to the network and emails at least every 90 days if not more frequent. The password change ensures people do not get complacent and use the password on so many other websites and applications that potentially can be breached and have data leaks that expose your team members email address and password, further tempting attackers to attempt to connect to your systems.
  • Solid Firewall Technology. Implementing a solid firewall ensures that any device connected to your network, even it is not known to the business (i.e. devices connected to wireless) is protected from distributing out onto the internet and connecting to the internet with the appropriate website policies of the practice. These systems ensure that all users internet activity is tracked for general data protection breach monitoring and external attacks can be monitored and logged. These devices also automatically update with the latest security protection threats which are prudent, as the data is scanned and blocked by these devices if it shows any signs of malware, spam, or a virus plus more.
  • Applying all Security Updates and Patches. These must be applied automatically or manually as required to your networks operating systems, hardware and primary applications to ensure that operations are not flawed in security allowing attackers to potentially find a hole and access into systems, networks and most importantly – your information!
  • Policies and Procedures. In this day and age, businesses need to ensure that we have policies drafted and staff sign off understanding the importance of
    • Computer Use
    • Internet Use
    • How to report IT issues and why
    • What constitutes a data breach
    • What is the practice’s process if a data breach occurs
    • Remote access
    • IT Security.
  • Solid Backup and Recovery Solutions. Ensuring automation in backups at a suitable frequency and having solid data retention of these backups is important to mitigate liability for a practice, ability to continue to trade in a disaster and recover any missing information prudent for operations. With the advent of cloud and software as a service, you cannot rely on vendors doing backups and must have in place your own solutions to protect your data.
  • Disaster Recovery Testing and Procedures. Businesses need to ensure they know exactly how things will work in a disaster. Testing annually and documenting the process mitigates failure in the advent of an outage and confirms things will work and timing.

Ensuring you know your vendors. One of the biggest floors is not actually knowing where your data is stored, the quality of your vendor and how they react to a security threats. Time must be spent analyzing this to ensure that the provider’s standards meet with that of the practice.