If you were to take a poll of what keeps small business owners awake at night, it’s likely that getting hit with a security breach would be near the top of everyone’s list. In today’s mobile technology environment, security is complex. Even the most diligent organizations can overlook security mistakes that are relatively easy to correct. Here are some of the most common security mistakes small businesses make. Don’t let them tank your business.
1) Weak Passwords
Many people might not realize it, but using their anniversary date and their child’s middle name as a password is really not a safe choice, especially in today’s age of social engagement. Think about it: this information is more than likely available on your Facebook page. Using special characters in a password, mixing upper and lower case letters and adding variety to your passwords make them much harder to crack. Try using ! for the number 1, $ for the letter S and so on.
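An added example, not part of the original article: a password check that flags the user's own names and dates even when they are typed with substitutions such as ! for 1 or $ for S. The sample profile, the extra substitution pairs and the 12-character minimum are assumptions made for the illustration.

```python
import re
from datetime import date

# Look-alike characters folded to one representative. "!" for 1 and "$" for S
# come from the article; the other pairs are assumed common substitutions.
FOLD = str.maketrans({"!": "1", "i": "1", "l": "1", "$": "s", "5": "s",
                      "@": "a", "4": "a", "0": "o", "3": "e"})
MIN_LENGTH = 12  # assumed policy threshold, not a figure from the article


def canonical(text):
    """Lower-case, fold look-alikes, then drop separators such as / - _ ."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(FOLD))


def date_forms(d):
    """Usual ways a date gets typed into a password (MMDDYYYY, DDMMYY, ...)."""
    y, m, day = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {m + day + y, m + day + y[2:], day + m + y, day + m + y[2:], y + m + day}


def personal_hits(password, names, dates):
    """Return the personal details still recognisable inside the password."""
    folded = canonical(password)
    tokens = {n for n in names if len(n) >= 3}
    for d in dates:
        tokens |= date_forms(d)
    return sorted(t for t in tokens if canonical(t) in folded)


def acceptable(password, names, dates):
    """Long enough and free of the user's own names and dates."""
    return len(password) >= MIN_LENGTH and not personal_hits(password, names, dates)


if __name__ == "__main__":
    # Constructed sample profile: a child's middle name and an anniversary date.
    names, dates = ["Marie"], [date(2010, 6, 15)]
    for candidate in ("M@r!e06!520!0", "$ummerM@rie!", "correct horse battery staple"):
        print(candidate, personal_hits(candidate, names, dates),
              acceptable(candidate, names, dates))
```

Because the same folding is applied to the password and to the profile values, a substituted spelling and its plain spelling compare as equal.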
2) Not Using or Not Properly Managing Virus/Malware Protection
Even if you are using a firewall (and you should be), layering security with up-to-date antivirus software is a must. If the firewall fails to catch the virus, the antivirus should take care of it.
3) Not Setting and Enforcing Usage and Security Policies
Even with a firewall and antivirus in place, many viruses come onto computers and networks through individual error. Downloading games, visiting social networking sites, and opening emails with suspicious attachments make your network vulnerable to viruses. Staff need to know when and what they are allowed to access on your business’ network and computers. Policies should also be established regarding passwords, confidentiality, and usage of data and software. Using software or, even better, hardware-based internet monitoring and filtering systems can go a long way toward enforcing these policies.
4) Not Using Centralized Patch Management
Operating system and application vendors release software patches and updates periodically, not only to add new functionality but also to correct possible security flaws. Make sure that you have enabled software updates on your PC, and if you work with an IT provider, ask them about their patch management strategies.
5) Insecurely Storing Data/No Data Transport Policies
Do you have a thumb drive with stored sensitive data on your key ring or sitting on top of your desk? Is your organization’s data backed up to a tape, and if so, do the tapes go offsite and are they at any time not under your control? The loss of a smart device, USB drive or backup tape with sensitive information is a critical situation and can be financially and possibly legally very costly. Not only is this not appropriate for business backup, but employees should also not be allowed to transmit data that might fall into the wrong hands.
6) Not Verifying the Integrity of Data Backups
If you were to experience a disaster and you lost your data, could you restore your data from your backup? Unfortunately, many companies don’t realize until it is too late that their backup files are corrupted or that no files are actually being backed up at all. Backup solutions should be tested regularly, and in the best-case scenario, disaster recovery solutions should be tiered, with onsite real-time backups and the ability to virtualize your servers and applications, along with secure offsite data storage.
7) Choosing the Wrong Tech Support Solution
Many small businesses start out managing their own IT or call their cousin’s best friend’s brother to come out when they are experiencing an issue. According to Gartner research, many small businesses try to use as little IT help as possible, but this is really not a good idea and will likely end up costing the business more money down the line. If you plan on expanding your business at all, it makes sense to partner with a knowledgeable IT professional who will help you make wise IT investments and help your company’s technology grow seamlessly as your company grows.
Fine-tuning a holistic strategy for security management is an essential component of good technology management. This means identifying tools that enhance that goal on your network as well as deciding policies company-wide about what to allow employees to use and what security systems to implement. For our Launch Pad Business Care Clients, our bundled program includes proactive technology planning and management, a comprehensive disaster recovery and data protection solution and a managed and coordinated Antivirus, Anti-malware and Anti-Spyware system. A problem of any kind on any client’s desktop or server immediately generates an alert to our help desk and is remediated before the threat escalates. This is the kind of wrapped protection you should seek to put in place on your network. If not, you may be in for some unwanted and costly disasters.