We totally get it, cybersecurity is tough, especially if you’re not a tech person. Trying to keep up with all of the changes without making a mistake can be nerve-racking. It’s like throwing a teenage driver out on the expressway in New York during rush hour traffic. But with that said, there are some basic things that every business should be doing.
The following list is a group of things that our security team has actually witnessed within the past year. We have to admit that we were shocked that some of these things continued to be an issue. Especially when you consider the number of highly publicized security breaches that we’ve all heard about over the past few years.
Public Service Announcement
If you find an item that you are guilty of as you’re reading through this list, we need you to immediately stop reading, scroll to the very bottom, and click the schedule link. This will allow you to schedule a time to speak with one of our security specialists about getting your security needs met.
All kidding aside, we sincerely hope that you are not guilty of any of these things. But if you are, now is not the time to be ashamed. If not us, please seek the help of a professional to secure your business.
Here are the 10 things that show you have a serious security problem in your business.
You don’t have a commercial-grade firewall
This is your first line of defense for your business from the outside world. Don’t trust the security of your business to a device that is meant for home use. Invest the couple of hundred extra dollars to actually protect your business.
Missing patches for operating systems and applications
We understand that there have been some bad Microsoft updates rolled out in the past. So if you don’t want to have them automatically installed, we get it. But that doesn’t mean that you wait 6 months or never install them. These updates are usually designed to fix a vulnerability. If you don’t install them, you’re leaving yourself open for attack.
Failure to monitor and detect data loss
This should be an easy one as any commercial-grade firewall should have the capability to do intrusion detection. Bottom line, you should have something in place to notify you if your network gets compromised.
This is probably the easiest one to resolve. You can beef up your passwords with a combination of lower case and upper-case letters, numbers, and symbols. Or you can use a two-factor authentication system. The latter is the easiest way to overcome weak passwords in our opinion.
Lack of logs and audit trails
This one specifically applies to those who are in regulated industries. If you can’t produce an audit trail that shows who accessed what and from where then you are not compliant.
Use of a lot of “free” software
Free software can lead to security breaches. Just know that there are a lot of different software possibilities and not all of them are safe. If you’re using free software, just understand the risks that you’re taking. Ask yourself if the savings from buying a premium program is worth the risk you’re putting yourself in?
No separate guest wireless connection
It is not mandatory that you offer wireless access to your guests. But if you do, it should be on a separate network. The last thing you want is a guest to be able to access one of your computers that has sensitive data on it.
Missing or outdated anti-malware/antivirus
While both anti-malware and antivirus get knocked for being incomplete solutions, they’re still necessary. You should always have something up to date running on your computers.
You don’t have consistent backups of your data
While this doesn’t directly impact cybersecurity, it does impact the security of your business. In today’s digital world where most of our business exists on a computer, it is crazy to think that you wouldn’t backup your data. Yet we have found this to be the case on more than one occasion. Take your business seriously and ensure that you have backups of your business files. And as a word of advice, don’t let anyone tell you that a RAID system is just as good as a backup.
Lack of professional guidance
Some businesses don’t have the need or resources to justify having a full-time IT person on staff, but every business needs a professional that they can trust. There are plenty of outsourced IT vendors out there. If you don’t want to go through the hassle, just give us a call and we’ll help you out.
There are plenty of threats that your business is faced within this digital world that we live in. We hope that you weren’t guilty of any of the things on this list. But we also hope that this gets you to take cybersecurity a little more seriously.
If you question whether your current strategy is adequate, we encourage you to give us a call. Let our security experts do what they love so you can get back to doing what you love.