5 Most common business IT security mistakes
Being a small business is not an excuse to ignore IT security. These days everyone is vulnerable to malicious attacks. Gone are the days when only banks, tech brands, online shopping outlets and larger corporations were the ones in the firing line. If your business relies on technology for its operations, then you really should read on.
You might be thinking that your assets are too small or your day-to-day operations are not significant enough for anyone to waste their time targeting your business. Well, unfortunately, you are wrong. This particular attitude plays right into the attacker’s hands, as they are often acutely aware that you may not have a dedicated IT support to ensure the safety of your data and networks. These smaller businesses are actually the best targets for security breaches.
When it comes to establishing security for your business, do not underestimate and never let your guard down. Know the areas of your IT that should be secured:
1. Open wireless networks
Security is vital to wireless networking. Unless you’re using an open wireless network to attract more customers (like cafes), being too generous with your wireless network access is certainly risky business.
Here are the perils of allowing the public to your private network:
- Anyone can steal bandwidth and overload your network due to heavy usage.
- Anyone can monitor your online activities and gather proprietary information, logins, passwords, intranet server addresses, and valid network and station addresses.
- Anyone can transmit spam, hack your system, sabotage your files or steal your data.
- Anyone can use your network as a springboard to attack others.
What you need do:
- Never turn on your network until it has been secured with firewalls, data encryption, user authentication protocol, etc.
- Deploy a wireless access point that supports VLANs for your remote workers.
- Set up a guest VLAN that restricts access, and assign random passwords which expire after a specified time.
- Broadcast only guest SSIDs, not your company’s SSIDs
- Lower your power settings to get better coverage near the modem but reducing the maximum distance of coverage area
2. Bring-your-own-device (BYOD)
BYOD has evolved from being a trend to becoming an accepted norm in a business environment. This is hardly surprisingly, given that BYOD’s offers obvious savings for employers and greater flexibility for its employees. This is why most businesses today support and even encourage their staff to use their personal device(s) for work. However, BYOD is not only about benefits. It also comes with risks especially if the company has no proper security measures in place.
Risks are as follows:
- Unprotected BYOD devices are prone to mobile malware which may spread to other devices and your network.
- The unauthorised and inappropriate sharing or saving of corporate data on external sources that are beyond IT control.
- Device loss or theft, and the inability to prevent a possible data breach because of it.
What you need do:
- Educate your staff about the risks and the BYOD best practices.
- Develop a comprehensive network security policy based on assessed risks and identified weaknesses.
- Establish a level of access for each user, based on their role in the organisation.
- Use key data protection tools like firewalls, encryption software, content filters, virus protection and passwords.
- Keep OS, firmware, software and applications up-to-date.
- Implement a backup system for user data, preferably one offsite.
3. Unmanaged/Self-managed Anti-virus (AV)
An unmanaged anti-virus (free anti-virus) is common for companies composed of a few people, say no more than 10. The problem with relying on an unmanaged antivirus software, however, is that it only works when the software is updated and/or turned on. Moreover, anyone can disable it or uninstall it like any other program. If this happens, you’re in trouble. This is why we don’t recommend free/unmanaged AV for any business.
The downside to unmanaged AV:
- The definition updates for new threats can be slower to get to your system than a paid version.
- Computer users can skip automatic updates, making the software obsolete and leaving your system vulnerable.
- It will require you to be extra vigilant in making sure all employees stick to the limit in online activities and follow safety measures.
What you need do:
- Those businesses with limited IT support or ones who perhaps lack the infrastructure and budget to switch to a managed service provider should consider Microsoft Security Essentials. It’s free with each genuine copy of the Windows OS you buy.
- Although there is no free managed AV, it should be seen as an operating cost, ensuring the complete protection of your pertinent business information. It’s well worth the investment. With a managed AV solution, you take full control of the program by taking it out of users’ hands. It can’t be uninstalled or disabled without a password. Updates are downloaded and applied automatically to protect your system against the latest threats. These threats change on a daily basis. Yes, really. Only a small amount of monitoring is required on your part to ensure everything runs smoothly.
4. No/unmanaged Firewall
The work of a firewall is to keep your network secure. It controls the incoming and outgoing traffic on your network, based on a set of rules for how data packets should be handled by the network, essentially blocking all unauthorised access to your resources. Needless to say, having unmanaged or no firewall is like leaving the floodgates open to malicious attacks.
Firewall solutions for small business can be hardware or software-based. Cisco suggests, “The ideal firewall solutions for small business integrate a hardware firewall with software controls into a comprehensive security solution that includes virtual private network (VPN) support, antivirus, antispam, antispyware, and content filtering capabilities.”
What you need do:
- Software firewalls protect individual PCs whilst hardware firewalls protect the entire network. You should seriously consider having both.
- Enable auto updates for your firewalls and time them properly.
- Firewalls should be configured and reviewed on a regular basis
- Instead of setting your firewall based on usage habits of employees, keep the settings consistent across the network. Individualised firewall settings on different computers will just make the task of identifying firewall weakness more difficult.
- Add multiple layers of security. By supplementing your firewall with the essential add-ons like a spam blocker, spyware blocker and an anti-virus program, you add valuable layers to ensure that your network and PCs are always safe.
- Monitor user access to the firewall configuration. User access logs can reveal potential threats, unauthorised access attempts and even unwanted changes to your security policy from within or outside the network.
- Test major firewall changes before going live to avoid business disruption such as network latency issues or complete network outages.
- Consider managed firewall protection for customised and round-the-clock protection.
5. SPAM filtering
How many spam or junk emails does your business receive on a daily basis? More than you wish to receive, I am sure. Every business needs to effectively filter out these unwanted emails as they’re not only a nuisance, but they often carry in them infected email attachments and/or compromised external links that contain viruses, phishing attacks and other malicious content.
What you need do:
- If you have an existing spam filtering solution, don’t rely on your default settings. Customise your spam settings by managing the filter policies or parameters (content filters, header filters, blacklist filters, etc.) You can configure the setting to reflect a company-wide filter setting or apply different settings to specified users, groups or domains in your organisation.
- Encourage your employees to report a spam. They should also be informed about your company’s spam filters and trained on how to use them to prevent future problems.
- Opt for a business email hosting so someone takes care of spam mails safely and efficiently.
IT security is vital to any business because a security breach can happen to any organisation and at any time. The key to keeping your business safe is to understand how each component of your IT protects your business and how each might be vulnerable.
Unfortunately, there’s really no “complete” solution that can address all business security risks. Work is never finished when it comes to managing IT security as threats keep on evolving and security solutions get obsolete over time.
Know if your network is protected. Contact us for a free expert IT consultation.