Cyber Security Basics for Business

We were so grateful to be asked to write a guest post for the Better Business Bureau of Western Washington to include in their October Torch Talk Newsletter about National Cyber Security Awareness Month! Below is a repost of the article.

Keeping your business IT systems and services secure is important for a number of reasons. Unsecured systems are often riddled with viruses and spyware, which slow down computers and cause software to crash. More importantly, unsecured systems can lead to compromised client information, which will erode your clients’ trust. Continued trust in the secure handling of your clients’ information will impact your profitability. Breaches in security can negatively influence your sales and customer loyalty.

IT security is a tricky subject: There is no way to keep all systems perfectly secure, short of pulling the plug on the Internet connection. But you can build the fence reasonably high without a lot of cost.

  • Use good quality security software on all devices, including laptops, tablets and phones. Security software usually includes antivirus/antispyware capabilities, though these days most security software includes other modules as well. Software from BitDefender, McAfee, Symantec, NOD32, Kaspersky, Trend Micro, Sophos, Panda and many others will all fit the bill. Some of these packages are better at certain tasks than others, but the important thing is to have it installed, active and updated on all devices at all times. And remember, Apple’s products are not totally immune to viruses, either.
  • Implement a centralized patching system that keeps software up-to-date on all business devices. Microsoft’s Windows Update is the built-in system that keeps software security patches up-to-date on a Windows-based device; similarly, Apple has Software Update. Installing these patches is critical, as bugs and holes are found and fixed over time. When you need to do this across a range of computers (like in any business environment), there are larger systems that can be deployed and managed by a Managed Service Provider to ensure all systems are continuously kept up-to-date.
  • Implement a reliable backup system and test it frequently. Backup systems fail constantly; just having one installed does not guarantee it will work when you need it. Look for a system with a short recovery time (minutes instead of days) to keep your business running in the event of a server outage. A few modern backup systems can even test the quality of their own backups nightly. And if you are still using a tape-based system, it is time to modernize.
  • Implement password policies. It is possible to implement policies on a network that require passwords to be changed on a regular basis. Password changes might seem annoying, but they are important to the continued security of your systems.
  • Use a firewall that has additional built-in security services, such as antivirus and intrusion prevention. Look for a firewall with “Unified Threat Management” or “Gateway Security Services,” or something similar. Vendors often bundle antivirus, anti-spyware, intrusion prevention, web content filtering and other services for a monthly service fee.
  • Ensure you have reporting that shows all systems are working correctly. Business IT security systems are worthless unless you can prove they are working. Ask your IT service provider for a report. They should at least be able to show that antivirus definitions are up-to-date and patches are installed on all of your business devices. A Managed Service Provider can assist further by issuing regular top-down reports to show where things are working and what needs attention.
  • Educate employees about basic security principles. Teach employees to change their passwords on a regular basis. Tell them not to write their passwords down on post-it notes. Advise them not to use simple passwords (words that can be found in the dictionary). Instruct them never to give their passwords out over the phone or via e-mail.
  • Talk to your web hosting providers and make sure they are secure—and that you are doing your part to keep things secure. Your web host and service providers may also have a number of recommendations to help keep your critical data secure. Feel free to ask them!