There are many ways to secure a business – lock the doors, hire a security guard, and so forth. However, in today’s world, it is just as important (if not more so) to protect the 1’s and 0’s that populate your customer records, contracts, and private information. Losing that data can range anywhere from being a serious inconvenience to causing companies to shutter, with many nasty things in between. This is why it is so important to follow best practices like these 5 steps to keep that data safe.
- Educate Employees
You can have all of the firewalls and filters in the world, but if your employees go out effectively looking for trouble, they are going to find it and it’s going to negatively impact your business. After all, malicious entities attempt to attack using techniques such as phishing and social engineering every day, and these attacks come frequently. According to the Symantec Intelligence Report for August 2014, the average number of spear-phishing attacks for the month was 20 – and this was the lowest amount for the full year going back to September 2013. This means that if your employees aren’t cautious with what they download or what emails they open, lots of bad things can easily happen.
- Configuration is Key
It’s easy to assume that non-IT staff members are where the problems come from. However, it is imperative that IT be diligent about keeping existing infrastructure patched and updated at all times, and that new software configurations aren’t tied to old software that hasn’t been patched in years. If you have that kind of system in place, you have effectively given hackers a VIP entrance to your systems for a private data fire sale – all data must go! Whenever a new installation happens, updates are the first thing that should occur before anything else happens on that machine, and after that security protocols such as firewalls need to be in place.
- Check your Network
Speaking of firewalls, it really is important to have one; every company should have a secured network in place. But they also need to verify that the corporate network is the only one, without any loose ends that open up to the general internet. For example, remote access by employees and executives should only happen via VPN when outside the company network, and all internet connections need to be connected to the main network. Having secondary networks in place that don’t follow all of central IT’s rules can be almost as bad as having no security at all. The only real exception would be in a retail environment where there is a second wireless network for customers to use, and in those cases that second network should have zero access to anything on the main company network.
- Find out where and how the attacks come
Research is incredibly important in keeping your business safe, and in many cases your vertical will determine what is incredibly important to protect against, what is mildly important, and what simply doesn’t matter. For example, a legal consultant who does no work with consumers probably doesn’t need to worry about POS-based attacks because he likely doesn’t have one – however, the legal supplies store owner who does work with customers directly is a lady who should always be cautious about this type of attack. Understand your business and your practices so you have a better idea of what to look into to build your defenses into your firewall and other security tools.
There are certainly other steps to take in keeping your infrastructure safe – we haven’t touched on preventing someone from physically stealing a server or company laptop, for example – that here at Vault Networks we can support you with. Using that theft example we can move your servers into our data center, or you can migrate to our public or private cloud environments. We can also procure any additional equipment you might need to keep your data safe such as disaster recovery tools or firewalls. To learn more about how we can help you, please reach out to us by calling (305) 735-8098 option 2.