One of the biggest problems to overcome for business security is trying to work out what areas you need to secure: there is no manual to download or “one model fits all”. Securing your business is simply a case of looking at your potential areas for data loss and looking at the attack vectors that may apply to you, finding those weak points and then getting advice on the best ways to plug those gaps.
So where do I start? There are core tenets that will end up being repeated but here a few essential points to consider.
Knowledge is power
There is a wealth of knowledge available to you. Security experts and specialists are available in all shapes and sizes and exist in almost every corner of the globe. Getting advice is easy, but make sure that where possible you seek that advice from more than one source. Also bear in mind that the world of IT evolves at a huge rate, so keeping up with the latest techniques may be a challenge all in itself.
Education makes a difference
In a business environment the weakest link is the end user; the good thing is it's also your strongest asset. Utilising your staff in the fight against cyber crime is not as daunting as it seems: using education to teach your staff the current threats and how they are delivered may make the difference in someone accidentally clicking that phishing link or visiting a compromised website from a spam email. Making them feel an integral part of the business security is an important aspect in keeping the whole business safe.
Being proactive is essential
Securing your hardware and software is an ongoing task. Looking at the way data moves into, within and out of your company will give you an indication of the areas to secure. Also make sure that there is a set documented procedure when something new is added to the infrastructure, change any default passwords, update firmware's and make sure the latest updates are installed and regularly updated. Multi-layered security software is a must, installed on every endpoint and server.
Flexible working comes with risks
Letting your employees work on the road or at home means that accessing your network from all over the world has become increasingly easier and virtually a necessity. With that ease comes the potential for opening up your network to abuse, lost credentials, insecure Wi-Fi connections and/or social media account hacking, which could put your company at risk.
All data is valuable and desirable
Virtualisation is so simple these days – ergo having a multitude of servers is easier than ever. If you're going to host your servers in house make sure you're using secure server operating systems and that the latest software installed on them is patched and up to date. These are in effect the open gateways to the rest of the world and will be at significant risk from attacks (possibly on a daily basis): don't be fooled into thinking your data is insignificant or of no use to anyone else, all data including yours has a value.
Regular backups are essential
Ransomware is one of the most destructive pieces of malware around today, therefore it's very important you consider and plan your backup regime correctly. Take into account the need for point-in-time backups, the frequency and location of those stored backups are all very important, and again professional help is readily available and should be utilised if you're unsure about anything.
Tick all the right boxes
It's easy to read this and think that securing your business is complicated and expensive – and in some cases it may well be – but as with most things in business it's just a case of working through and ticking all your boxes. Once you have a plan in place, utilise the internet to test what you have done: there are many options for penetration testing to see where you're vulnerable, test it, fix it, and test again. If you save money by doing nothing it will only be a matter of time before that approach ends up costing you tenfold of what you thought you had saved in the beginning.
Article by Mark James, Security Specialist, ESET