9 critical variables to the business-security equation

Thought Leadership on SMB Technology Challenges presented by Progressive Computing.

For those entrepreneurs out there like us, you likely started your business for the thrill and passion of building something great. Even if you did not start the company, most business leaders have their sights set on growth, success and operational efficiency. We don’t wake up each morning excited to tackle the ever-growing, complex problem of IT security. I certainly do not kiss my wife and kids goodbye and cheerfully say “I’m off to work now to worry about how hackers are going to steal from me! See you at dinner time!”

Right now, extremely dangerous and well-funded cybercrime rings across the world are using sophisticated software systems to hack into thousands of small businesses like yours to steal credit cards, client information and swindle money directly out of your bank account. Some are even funded by their own government to attack American businesses, or operate in cybercrime cartels.

If you think your company is small and not a big target like a J.P. Morgan or Home Depot, then think again. About 82,000 new malware threats are being released every single day and half of the cyber attacks occurring are aimed at small businesses. You just don’t hear about it for a variety of reasons, but most likely because the American news outlets only care about large-scale sensational stories.

So what can you do to protect your business?

Here are nine practical steps you can take to protect the integrity of your computer systems and save your business from a potentially costly and embarrassing situation.

1. Admit there is a widespread security problem and you likely are not secure enough. If you think you are safe and no hacker could possibly be interested in “little ol’ you” then there is your first issue. Hackers are now attacking small businesses because smaller thefts don’t grab headlines, don’t anger politicians, don’t get the attention of the FBI and they are typically powerless.

2. Require strong passwords. It’s amazing how many organizations we encounter that have not turned basic password enforcement systems on. To fix this, follow these rules: Passwords should be no less than eight characters, and should contain a mix of upper case, lower case, numbers and symbols. Smartphones should all have a security pin.

3. Keep IT up to date. Another gaping hole we find during security audits is the complete lack of regimented Windows and software patching. One of the easiest ways hackers can exploit systems is by attacking unpatched or un-updated software. They know most small businesses don’t pay too much attention to these details so this is where they often pounce first.

4. Basic security. A firewall and security software, like anti-virus, used to be all you needed a long while ago, but hackers have found lots of ways around them. This has left some people feeling these systems are now unnecessary or useless. But, this is a dangerous thought. Basic security systems are still not only a required foundation, but their proper implementation and upkeep are a critical part of the security equation.

5. Backup. Like Spock, some people raise that one eyebrow when I start talking about backup during a security presentation. The fact is that systems will be compromised. Data will be altered or destroyed. Yes, we need to prevent that as best as we can, but assume it will happen. Therefore, you need to be able to recover data, not if, but when something bad happens.

6. Acceptable-use policies (AUP). Does your business have one? Did you have to Google that term to even know what it means? You are not alone. Most businesses we have helped did not have one at the start of our relationship. Having an AUP defines in clear terms what employees are allowed and not allowed to do with corporate IT assets such as PCs, laptops, internet connections, wireless, smartphones, etc. But, you can take this one step further by enforcing policies through technology with tools, such as content filters, firewalls and monitoring software. If you don’t want to play Big Brother, then at least be a Smart Sister and have everyone sign off on that piece of paper.

7. Awareness. Many times we find complex and effective security systems are rendered useless simply by human error, or more specifically, because of ignorance. “I didn’t know I wasn’t supposed to allow guests on our internal wireless network,” or “I didn’t know I’m not supposed to document all system passwords in a Word doc on the company shared drive.” But, who can blame them if no one advised or educated your staff about what they should and should not do? Actually, I blame you for not taking the time to help them protect you.

8. Engage. Whether you use us or any of our many qualified competitors, please do not attempt to tackle IT security on your own. This is not a weekend Home Depot DIY project. Security is complex, sticky and ever changing. Hire a pro!

9. Stay vigilant, my friends. Dos Equis may have the Most Interesting Man in the World, but I’m the Most Paranoid Man in the World. OK, although paranoia might be necessary for me and extreme for you, I implore you to remain vigilant. IT Security is not a one-time event. It happens every second of the day and is constantly changing.

There really is no reason you need to wake up feeling like today is the day some hacker will drain your bank account. It’s unhealthy and unproductive to allow IT security to consume ALL your thoughts. But it’s equally dangerous to pay it no mind.
