While large, high-profile security breaches clutter the headlines, small businesses can no longer rely on security by obscurity. Hackers regularly target small businesses in an automated fashion because their security protocols are often lax. A security breach can wreak havoc in your small business. Take these steps to secure your trade secrets and your sensitive employee and customer information.
- Whole Disk Encryption
Your computers, especially your laptops, are increasingly vulnerable to theft. Even when a computer is secured by a password, a thief can easily access the data on the hard drive if it is not encrypted. With whole disk encryption, the entire hard drive on a system is encrypted and unavailable without a key. This can be set up so that it is transparent to your employees, offering a balance between security and usability. The authorized users will use their computers as they always have, but if the disk is taken out of the system it will be unusable without the key.
- Sending Encrypted Emails
Many businesses do not realize the risk created by sending sensitive information over email. Emails are generally sent in plain text, and anyone who intercepts them can read them and access the attachments! When you implement email encryption, email is encrypted before it is ever sent, and it is unreadable to anyone who does not have access to the encryption system. The receiver gets a notice of the email, clicks on the decryption link, and reads the email. With very little change to the way a business uses email, what is sent is completely protected.
- Two Factor Authentication
Passwords can be compromised in a myriad of different ways. When you enable two factor authentication, a lost, stolen or guessed password is not enough to log in to your critical systems. On systems with two factor authentication, another identifier in addition to the password is used to verify the user’s identity. Banks began using two factor authentication long ago. To access your account on the ATM, you need both the card and your PIN. The second factor besides the password can vary widely. It can range from biometric readings such as fingerprints to a simple text message sent to the user’s cell phone. Once two factor authentication is in place, a business has gone a long way to securing the accounts of its employees.
- Forced Mobile Device Encryption
Mobile devices for your employees are a great boon to productivity, but they can also present a huge security risk. Think of them as hard drives that are already out of the system. Anyone who picks up the phone could have access to the sensitive data on it. Corporate-grade email platforms, like Microsoft Exchange, give administrators the ability to force encryption on connected mobile devices, ensuring data is useless to unauthorized users.
- Mobile Device Remote Wipe
Sometimes a mobile device that had previously been authorized to access company data might no longer be authorized. Whether because of employee separation, or because the device was lost or stolen, there are a variety of solutions that will allow an administrator to perform a factory reset on the mobile device. By setting the mobile device to factory defaults, all connections with the business systems are effectively and cleanly severed, thereby protecting the business assets from unauthorized access.
- Backup and Disaster Recovery
Many businesses don’t actively pursue a proper backup plan that protects their business. There are several different aspects to a backup that would need to be discussed and put into place, but all of it boils down to a file level backup and disaster recovery. With a file level backup, the concern is that if a file becomes corrupt or otherwise inappropriate to use, a clean version of this file can be obtained from the backup. With a disaster recovery plan, the discussion is not about restoring individual files, but entire systems at a time. Both types of plans are needed because modern businesses rely heavily on the availability of their electronic data, and every effort should be made so that if some or all of the data is lost, it can be recovered with a minimum of effort. The way to do this is to spend the time to develop, implement, and intermittently test a solid backup plan. Also, bear in mind that plans vary wildly based on the business needs. One size does not fit all!
- Antivirus
There have always been and always will be some nefarious characters trying to disrupt your business, either for fun or for profit. In this modern age, many of these efforts take the form of electronic attacks. These attacks can range from a nuisance pop-up to your systems being rendered unusable until you pay a ransom. The need for protection against these threats cannot be overstated. A business always needs a good antivirus solution that will stop most, if not all, of these attacks in their tracks. The solutions vary widely, but a good solution will be centrally managed, kept up to date, effective against attacks, and usable with a minimum of user interaction.
- Patch Management
Every day, the electronic attacks mentioned earlier get more and more sophisticated. Therefore, it is very important to keep all software patched and upgraded to the latest version so that any security holes that the developer has patched are fixed on your business systems as well. Businesses generally should use a patch management system that automatically keeps track of patch levels on software, downloads the updates, and pushes them to the necessary business systems. Out-of-date software is the number one source of vulnerability to electronic attacks.
- Employee Education
The last thing on the list, but the first on our minds, is our most precious resource: our employees. It is very important to communicate the security concerns and expectations of the business to the employees. A business should put in place a system for continuing employee security training. The point of this education is twofold. It will bring about greater employee satisfaction and efficiency, and will also help the business meet its stated goals. Of course, educational needs vary widely from business to business, so a plan for employee education will necessarily be tailored to your business.
Author Jonathan Bowen is a Senior Network Engineer at IT Indianapolis, an I.T. consulting firm headquartered in Greenwood, Indiana. Visit http://www.itindianapolis.com to learn more and to request assistance deploying any of these security initiatives in your business.