
Business IT Security, are you following the basic steps?


There is basic security that we all accept as habit in our daily lives. You wouldn’t leave home without locking the door, you wouldn’t leave your bike without using the lock and you wouldn’t (or shouldn’t) hand your keys or cash to a stranger to look after.

These are basic security measures that we all simply accept and understand as a feature of our daily lives.

If you don’t have every one of these basics in place, your business is at risk. There really is no question about this.

Let’s have a look at the top 6 security requirements every business should have.

Password Security

Your password, that’s exactly what it is. Yours. It should never be shared with anyone. Your password is to your IT systems as the key is to your house or car. It can be used to unlock access to all your private information and company data that you have access to. It should be treated with respect and confidentiality.

Setting a secure password is not complicated. If you are sharing passwords, writing them down or have simple passwords that match your name, day of the week or month, or are simply “Password123”, you are letting yourself and your company down.

Password cracking is probably the oldest form of computer hack. It is still incredibly popular today. If you knew where to look you could pick up an advanced password cracking tool from as little as £5 and use it to expose users with simple passwords.

Some quick tips for good password etiquette.

  • Never share your password
  • Use a secure password management tool and never write your passwords down
  • Use a different password for all your accounts
  • Ensure your password has 12 characters and includes letters, numbers, symbols, upper case and lower case
  • Don’t use a dictionary word
  • Don’t use obvious substitutions, e.g. a zero for the letter o
  • Try not to use your passwords when on public Wi-Fi
  • Periodically change your password but don’t suffix it every time with a number!
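The tips above that can be checked automatically, as an added example that is not part of the original article. The word list, the substitution map and the function names are assumptions made for illustration; a real deployment would load a full dictionary and a breached-password list.

```python
import re

# Constructed sample word list (assumption); replace with a real dictionary
# and breached-password list in production.
COMMON_WORDS = {"password", "welcome", "monday", "january", "summer", "letmein"}

# Obvious substitutions (zero for "o" and similar), mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # length given in the article
CLASSES = {"lower case": r"[a-z]", "upper case": r"[A-Z]",
           "number": r"\d", "symbol": r"[^A-Za-z0-9]"}


def _base(password):
    """Password with any trailing digits removed, lower-cased."""
    return re.sub(r"\d+$", "", password).lower()


def check_password(candidate, username="", previous=""):
    """Return the rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    problems += [f"no {name}" for name, rx in CLASSES.items()
                 if not re.search(rx, candidate)]
    lowered = candidate.lower()
    if username and username.lower() in lowered:
        problems.append("contains the user's name")
    # Look for dictionary words both as typed and with substitutions undone.
    variants = (lowered, lowered.translate(LEET))
    for word in sorted(COMMON_WORDS):
        if any(word in v for v in variants):
            problems.append(f"contains dictionary word '{word}'")
    # Catch "changed" passwords that only bump a number on the end.
    if previous and _base(candidate) and _base(candidate) == _base(previous):
        problems.append("previous password with a new number on the end")
    return problems
```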

Anti-Virus

Anti-Virus should be installed on every computer that your business owns. You should also know that it’s installed and up to date, and report on this to ensure your business is compliant.

99% of viruses change their form every time they install, so traditional Anti-Virus is often less effective these days. Therefore you should always complement good AV with the other security practices in this article. It’s no longer acceptable to say “I have Anti-Virus so I am protected”.

Modern Anti-Virus such as Webroot includes tools for rolling back changes that malicious software may have made to your computer. It is also very “lightweight”, so it will not impact the use and speed of your computer in any way.

Anti-Virus on its own is not the key to protect your computers from ransomware. You need a mix (or all) of the security measures in this article to protect your business from ransomware.

Email-Security

91% of hacking attacks begin with phishing or spear-phishing. The majority of your staff will automatically trust email traffic that is arriving in their inbox and most will act upon the contents.

Your business should be using email security software that not only reduces the levels of annoying unwanted email spam but also protects your staff and your business against threats.

Your email security suite should provide at least the following:

  • Filter out spam
  • Protect against malware
  • Filter out unwanted content
  • Detect phishing emails

Don’t forget outbound emails as well. Your business is at risk from your own staff and outbound Data Loss Protection will ensure that your corporate data is not stolen.

Web-Security

Web security used to be about controlling access to certain websites to prevent staff from distraction and from wasting valuable time. Today, whilst this is still true, staff like to feel more trusted, so more and more businesses are leaving the web open. Web-security now ensures that the websites your staff are visiting are clean and do not have code embedded in them that will put your business at risk.

The majority of ransomware attacks are the result of an unprotected user opening up a single webpage that has been compromised with malicious ransomware code. Ransomware has the potential to render all your business files useless unless you have a good backup. It only takes one user to potentially infect your entire network.

Your chosen web-security product should protect your staff wherever they are, whether in the office or working on a laptop from home or a hotel.

Patch Management

Malicious hackers are looking for backdoors into your business. The most recent security breaches highlighted in the press often come back to businesses working with computer operating systems and software that is out of date.

Your business should not be using operating systems that are no longer supported. It’s like leaving your front door open on a busy street and your valuables on display. It’s just too tempting for somebody to exploit this opportunity.

Modern operating systems such as Windows 10 are more secure but they must be patched. Much like Anti-Virus, your business needs to know that all your systems are patched and protected. With 99% of viruses mutating with every install, patch management is just as important as Anti-Virus.

Backup

Finally, the overarching protector of all business.

Quality backup is key to every business security plan. You must be able to rely on your backup to get your business back up and running, and it must be able to do this FAST!

Consider your data wiped by ransomware: would your backup solution result in your entire working day being lost?

Your backup needs to run frequently and generally more often than once every night. You also need to ensure that your backup is successful and that your data is stored securely and offsite.

In conclusion

IT security is more complicated than bolting your front door and setting your alarm when you leave for work in the morning. However, these 6 key security requirements are fundamental to securing your business and come as a basic part of all the Managed IT offerings from Aura.

If you want to discuss these in more detail and how we can help protect your business please don’t hesitate to contact us.