With so many business IT security breaches in the headlines recently, we thought it helpful to publish this concise blog detailing 5 essential business IT security tips readers may not already be aware of. Many experts in IT security will agree that there is no such thing as absolute protection, but there are some easy, common-sense ways to reduce the most frequent IT security threats.
Essential Business IT Security
1. Staff education
Companies can spend thousands of pounds on software and hardware that toughen their business IT security defenses, only for them to be blown apart if staff do not understand the basic concepts of IT security. Staff should be regularly trained and reminded that malware attacks are commonplace. They should be taught to be vigilant when receiving suspicious emails, careful when downloading from unknown sources, and especially cautious when using social networking sites, as these are prone to social engineering and phishing attacks. Social engineering is where fraudsters manipulate people to obtain confidential information that is then used to break through business IT security protection.
2. Social network lock downs
Cyber-criminals use social media sites like burglars once used skeleton keys. All default security and privacy settings on sites such as Facebook and LinkedIn should be configured to stop potential hackers from finding out personal information.
Staff may consider locking down these sites as paranoia, but it’s surprising how much personal and business-related information can be obtained from a simple search of a user’s social media presence. Friend and connection requests should be researched and validated to ensure the approach is not part of a phishing scheme. Phishing is the way hackers secretly acquire secure information and build up a profile of their victims.
3. Router / firewall security
Small business networks are often the cause of security breaches due to the lack of security at the network router / firewall. Routers are the cyber equivalent of your office front door and security alarm system; if this isn’t a safe, properly installed defense then you’re likely to be broken into. In fact, unlike a physical office break-in, cyber attacks are far quicker and easier for the criminal.
Hackers are constantly crawling the internet searching for open front doors with inefficient security alarms. Here are a few tips on basic router security:
- Never disable SSID broadcast on wireless routers – a better solution is to change the default SSID
- Constantly upgrade to the latest router firmware releases; these are created to fix known security problems
- Limit open ports – restrict open ports to only the services required on a business network
- Invest in a business-class firewall such as a Dell SonicWALL; these have a higher level of security than most small business routers
- Always change the default password on a router to something very secure
4. Protect your data
Protecting valuable business data is essential, especially in the event of cyber crime or malicious attacks. These easy-to-apply tips should be introduced and checked on a regular basis:
- Take regular backups and store them away from the office in a secure location
- Install antivirus on all computers and keep it up to date
- Rename admin accounts to a different name, and make passwords difficult and different
- Enable desktop software firewalls, such as the Windows Firewall
- Always apply computer security updates and patches, and check for these weekly
- Never leave logged-on devices unattended; set security lock codes or passwords on computers, phones and tablets
- Try to always use 2-factor authentication (2FA) – this is where you use something like your phone to verify your identity
5. Mobile phone security
Cyber-criminals know that most businesses have their computers and networks locked down, and have educated staff on computer security. This is why they have now started to focus on mobile phone vulnerabilities.
Most people use email, text and social networking apps such as Facebook, Twitter and LinkedIn on their mobile device, so phones now need to be as secure as business laptops. Mobile device users need to be cautious about web links via text just as they would via email. Phones should always be locked down with PIN codes and remote wiping enabled in case they are stolen.
Vigilance and common sense should be used when installing any software on mobile devices, just as they should be on any device that connects to the internet. Mobile phone antivirus software should be considered for users that need extra protection. This software is now becoming more advanced and provides a strong first line of defense in the event of virus attacks.
If your company is interested in testing its online security defenses, contact Fentons to perform a free, no-obligation business IT security audit.