Employee computers are the gateway to your software, programs and critical data. Are you taking proper steps to protect them? Twelve people become victims of cybercrime every second. The U.S. has even declared cybercrime a national emergency. And because small businesses are prime targets, business owners can’t take computer security lightly.
7 Critical Computer Security Tips
You can’t keep tabs on every computer security best practice — so we’ve done the legwork for you. Here are 7 critical computer security tips you need to put in place today to protect your small business:
1. Prioritize Patches
In your towering list of daily responsibilities, patch updates fall low on the docket. But disregarding these small fixes can expose your business to potentially catastrophic software vulnerabilities. Take Equifax, for example. Hackers entered its system through a web application vulnerability that had a patch available for two months. Attackers recognize that unpatched systems are low-hanging fruit because IT administrators so often overlook them. Start by installing automatic patching software and turning on operating system updates. Document and enforce a patch management strategy to cover your bases. Here are some steps to take when defining your strategy:
- Document all software your company uses
- Build in proactive management
- Define and enforce your policy
2. Install Antivirus Software
Does your team suffer from slow, unreliable computers? That could be a sign of spyware. Run spyware scans weekly to fend off attacks. Automated solutions take the manual labor out of virus and file scanning. However, beware of free antivirus software. As they say, you get what you pay for. And many savvy attackers can easily penetrate free solutions. When you pay for antivirus software, the vendor is more invested in protecting your systems. (But like any automated program, you also need someone to manage it.)
3. Update Your Corporate Password Policy
Are you still preaching outdated password practices to your employees? In the past, password experts like Bill Burr have recommended mandated employee password updates every 30 or 60 days. But studies have shown that forced, frequent password changes encourage people to choose weaker passwords. And hackers have no problem cracking these. Of course, that doesn’t mean you should never ask employees to update their passwords. If an employee’s password may have been compromised, reset their password. Make sure your password policy prevents employees from:
- Including their names in passwords
- Repeating previously used passwords
- Disguising old passwords with character substitution (replacing letters of old passwords with symbols and numbers). Algorithms can now consistently guess these substitution patterns.
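The three rules above (no names, no repeated passwords, no old passwords disguised by swapping letters for symbols and numbers) can be enforced at password-change time. The sketch below is an added example, not code from this article; the function names, the substitution table and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor for the history hashes (assumed value)

# Common symbol/number stand-ins mapped back to the letters they replace.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def normalize(text):
    """Lowercase and undo common substitutions, so 'P@ssw0rd' -> 'password'."""
    return text.lower().translate(LEET)

def history_entry(password, salt=None):
    """Keep only a salted, slow hash of the normalized form, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(password).encode(),
                                 salt, ITERATIONS)
    return salt, digest

def check_new_password(new, user_names, history):
    """Return the policy rules that the candidate password violates."""
    problems = []
    norm = normalize(new)
    # Rule 1: no part of the employee's name, even with symbols swapped in.
    if any(len(n) >= 3 and normalize(n) in norm for n in user_names):
        problems.append("contains name")
    # Rules 2 and 3: an exact repeat and a disguised repeat normalize to the
    # same string, so one comparison against the stored history covers both.
    for salt, digest in history:
        _, candidate = history_entry(new, salt)
        if hmac.compare_digest(candidate, digest):
            problems.append("reuses or disguises an old password")
            break
    return problems

if __name__ == "__main__":
    # Constructed sample data: one employee with one previous password.
    names = ["Dana", "Reyes"]
    history = [history_entry("Sunshine2019")]
    for candidate in ("$un5h1ne2019", "D@n@-harbor-42", "correct-horse-battery"):
        print(candidate, "->", check_new_password(candidate, names, history) or "ok")
```

Because the history stores hashes of the normalized form, the old passwords themselves are never kept, yet a substituted variant still matches.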
4. Back Up Daily and Test Your Restore Process Often
Tape backups are prone to failure. If you’re still using this outdated method, your data could be at risk. If you’ve already invested in new, shiny backup hardware, concentrate on documenting and testing your backup and restore process so another staff member knows exactly what to do when disaster strikes. Set up a backup schedule based on the nature of your data. For instance, back up mission-critical information like financial information daily. Less sensitive information can be backed up weekly. We hear data restore horror stories all the time from new clients. The moral of the story: Backups and restores fail a lot, so don’t skimp on testing.
5. Create a Plan for Stolen Computers or Devices
If employees work remotely or take laptops home with them, you must prepare for an inevitable scenario: lost or stolen computers. What would happen if an unauthorized user gained access to an employee computer? Do you have remote wipe capabilities in place? Do you have an identity and access management system to quickly reveal which programs may be compromised and which passwords need to be updated? Audit your software and systems, and document the immediate steps that need to be taken if a computer is stolen to prevent information from falling into the wrong hands.
6. Impose Email and Internet Restrictions
Sure, ignoring unsolicited emails, phishy attachments and spammy links that come from people you don’t know might seem obvious. But assuming employees know how to identify spam, and will act accordingly, is unwise. The best way to identify potential targets is to test user behavior. Will they avoid untrustworthy downloads? How will they react to a potentially spammy email? At Computer Solutions Group, our cybersecurity experts simulate and send out spoofed emails to clients. Then we track who clicks and provide those users with training to prevent successful spam breaches. Whether you do this in-house or work with an outsourced security expert, continually educate employees about spam risks and how to identify them. Read: How to Keep Your Employees From Leaking Confidential Information.
7. Consider Virtual Private Networks
Personal firewalls protect a single Internet-connected computer by controlling how programs use your network and preventing computer files from being scanned. In-office routers provide another layer of security, too. But what happens when employees work outside the office, at a coffee shop or airport? Using a public Internet connection is a major security vulnerability. This is where a virtual private network (VPN) can help. VPNs encrypt your web traffic to a server, which the VPN company operates. This way, trackers see the VPN’s IP address, not yours. VPNs can also hide your location to protect you or other employees when working abroad.
Just the thought of keeping up with new threats and computer security best practices is mentally draining. But protecting employee computers is just as important as locking your office doors each night. You can have the best of both worlds: comprehensive threat management on a small business budget. SugarShot is dedicated to bringing you the absolute best IT security services, so you never have to question whether your business is protected. Give us a call today at 310-641-3274 to learn how our flexible managed IT security services can safeguard your critical data and devices.