Top 10 Essential IT Security Questions You Need To Ask Yourself
Your network perimeter and firewall will be under attack every single day. So make sure your small business is suitably protected
Your business will be attacked by cybercriminals, that’s a given – but there are things you can do to prevent your data being compromised. Adam Harling, director of managed services provider, Netitude, explains how to check your company’s IT security is in order and if it’s not, what you need to do about it.
1. Do you let staff choose their own secure passwords?
Your staff should have passwords they set themselves, which are known only to the account holder and your systems should be configured to force a complex passwords of a suitable length (eight characters or more) to prevent ‘brute force’ hacking attempts.
2. Have you bought computers but not installed any virus protection software?
Get advice on the best computer anti-virus and anti-malware software available for your environment. Don’t skimp with free low quality products and make sure every computer is protected and most importantly, the software is kept up-to-date.
3. Do you rely on staff to educate themselves in spotting threats?
Make sure everyone using a computer has been trained in the basics of e-security. Alert them periodically of new threats so they are aware of them and know what to do if they encounter a suspect email or download. Phishing is a real problem as the scam emails look increasingly genuine with logos, presentation and email accounts. They can appear to be from HMRC, banks or people you know.
4. Do your staff access work data via their own smart devices?
BYOD (Bring Your Own Device) is a work norm now. Make policies for accessing any work data via your staff’s personal devices. Agree terms of access before allowing anyone to use their own devices for that access and use the right licencing that allows remote wipe, should you need to remove data quickly.
5. When you fire or make staff redundant do you keep the same passwords in place?
Keep a tight ship and change passwords or disable accounts when people leave the company – especially when they leave ‘under a cloud’. Make sure passwords change and your sensitive data is out of reach. There are many documented cases where an ex-employee has taken revenge because they have kept the passwords to open accounts in a business remotely. Imagine if someone decided to publish all the salaries to all the staff, send rude or scathing messages to your clients or worse – steal from you.
6. Do you keep old unused accounts and not delete them?
Old accounts can be vulnerable to abuse. Track all the accounts that are linked to your company and delete the ones that are not in use. Opportunist criminals can make use of old company accounts and you may find out about it when it’s too late.
7. Do you leave your computer files and docs you are working on open when you go out of the office?
If you are working in a busy, crowded office or somewhere where it is possible for a lot of people to come in and out, this may not be a smart idea – if there is sensitive data that can be accessed. To really clamp down on security, always log off or shut down for lunch or when out of office for extended periods. It’s also good practice to have your system lock automatically after a short spell of inactivity.
8. Do you back up data?
Simply put, if you don’t backup data regularly, one day you will regret it. Whichever way you choose to back up, just make sure you do it. Backup today is not only about having a copy of the data but also how quickly you can invoke that backup data and get your systems and people working again. Always look at the time till recovery as a factor in your backup system choice.
9. When you back up data, do you do it on hard drives in the office?
Today – smart businesses use the cloud for backup. Having a known good copy of your data in a remote location could save your business in a disaster situation. Cloud backups also mean easy automation which means nobody ‘forgot to change the tape’ and your data is always safe and available.
10. Protect your perimeter
Your network perimeter and firewall will be under attack every single day. Modern ‘crypto’ type viruses and malware can wreak havoc on your network and stop your business dead by encrypting your data and demanding a ransom to unlock it. Modern UTM (Unified Threat Management) products can protect your network perimeter and also block viruses from ‘talking’ to ‘command and control’ to prevent data encryption – an essential investment for any business.
Adam Harling is director of managed services provider Netitude.