The internet allows small businesses to reach larger markets and operate more efficiently. However, the theft of digital information is now more common than physical theft, so security should be an integral part of any business’s IT plan. This general rule applies even if a business just uses the internet for email and web browsing. The following six tips will help you improve security in your workplace.
Firewall
A firewall is software designed to prevent unauthorized users from accessing data on a private network. Modern operating systems often have their own firewall and many free firewalls are also available. System administrators should apply patches to their firewall as soon as they become available. They should also review security policies for the firewall at least once each year and update them as needed.
Network Security
The personnel who are authorized to access a company’s network should be carefully authenticated. The complexity of passwords and the frequency at which they must be changed must strike the proper balance between convenience and security. Wi-Fi networks should also use encryption to prevent the interception of traffic. Furthermore, the system administrator should configure a Wi-Fi network so it doesn’t broadcast its Service Set Identifier (SSID).
Premise Security
Individuals requiring physical access to the premises should be identified and tracked. Critical IT assets should also be locked or otherwise protected when not in use. Laptops are particularly vulnerable to theft due to their portable nature, so they require strong passwords and a separate account for each user. Only key personnel should have administrative privileges for portable devices.
General IT Security
Administrators should install antivirus software on the company’s servers and workstations. They should also keep this software updated with the manufacturer’s latest security patches. Employee training on IT security should include best practices for creating strong passwords and other procedures for protecting sensitive data. Training should also cover the company’s policy on Internet use and the penalties for violating those policies.
Email/Web Security
Routine business activities such as browsing websites, sending and receiving email, and sharing files may seem harmless, but they can create many security vulnerabilities. For example, hackers can easily create emails and websites that launch malware. Businesses therefore need to develop policies for using email and web browsers. They should also
implement software specifically designed to monitor and protect computers from malicious Internet activity.
Backup
All businesses should regularly backup their critical data, which should at least includes data on finances and human resources. Backups should be performed automatically at least once each week, and restore procedures should also be tested regularly. Backup data should be stored offsite in the event it needs to be recovered after a natural or manmade disaster. Some businesses can also perform on-premise backups in addition to their off-site capability.
Not sure where to start with implementing security practices for your small business? Let us help – call CSCi for a IT security consultation and we’ll ensure that your business is protected.