Keeping Your Small Business Secure
- Initial configuration of devices and software cannot be overlooked. When you are adding a new device to your network, be meticulous in setting it up. If you have an administrator account on your network that is still set up with the default password, it can create a massive security hole in your organization.
- Access Management is critical for all businesses. Accounts need to be locked down with only necessary access to data. All user accounts also need to have rules for password management, e.g. password complexity, password history and password expiration. These systems should also be audited often to ensure correct access for all employees.
- Multiple Fail-points are essential. Is all of the company data being held on a single server? The 3-2-1 Backup Rule must be followed if you are in the IT industry! Have 3 copies of your essential data on at least 2 different types of media, with at least 1 off-site! This is the only way you can make sure your data is safe and recoverable if anything happens.
- Establish and promote security awareness to all employees! In an effective IT on-boarding session, you need to reiterate what they can do to keep themselves and the company from being breached. This means phishing education, acceptable internet use guidelines and password management. Keep in mind that SSO (Single Sign On) systems are a blessing when it comes to managing user accounts! Check out our separate article on the importance of security awareness here.
- Anti-Virus software needs to be run frequently to ensure company devices do not get infected. This software and all software/operating systems must be kept up-to-date to keep the latest vulnerabilities from hurting your company.
- MDM (mobile device management) is important so the IT department has control over all data. If you have an employee who has left the company and has ill intentions, you need to be able to lock down your data on that device.
- Network security is essential. You must have VPN and firewall solutions in place that protect information on your network. All computers accessing your network (whether in office or from home) need to be up-to-date and confirmed to have no security issues. VPN solutions should require up-to-date security/AV software before allowing access to your network. Wireless networks in your office also need to be locked down to ensure access is only provided for your employees.
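
An added example (not from the original article) of the regular access audit described in the Access Management point above, which also catches the never-changed default password from the first point: it reads a constructed account export and flags enabled accounts whose password was never changed after creation, whose password is older than a maximum age, or that belong to groups their role does not need. The CSV columns, the 90-day limit and the role-to-group map are assumptions made for the example.

```python
import csv
import io
from datetime import date

# Constructed sample export; column names and values are assumptions.
ACCOUNTS_CSV = """username,role,enabled,created,password_changed,groups
admin,it,yes,2021-03-01,2021-03-01,admins
jsmith,sales,yes,2022-06-10,2024-05-20,sales;finance
mlee,finance,yes,2023-01-15,2023-02-01,finance
tcook,sales,yes,2023-09-01,2024-06-01,sales
"""

# Hypothetical policy: maximum password age and the groups each role needs.
MAX_PASSWORD_AGE_DAYS = 90
ROLE_GROUPS = {"it": {"admins"}, "sales": {"sales"}, "finance": {"finance"}}


def audit_accounts(csv_text, today):
    """Return {username: [findings]} for enabled accounts that break the policy."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["enabled"] != "yes":
            continue  # disabled accounts cannot log in; skip them
        issues = []
        created = date.fromisoformat(row["created"])
        changed = date.fromisoformat(row["password_changed"])
        # A password never changed since creation may still be the default one.
        if changed <= created:
            issues.append("password never changed since account creation")
        if (today - changed).days > MAX_PASSWORD_AGE_DAYS:
            issues.append("password older than %d days" % MAX_PASSWORD_AGE_DAYS)
        # Group memberships beyond what the role needs are excess access.
        groups = {g for g in row["groups"].split(";") if g}
        extra = groups - ROLE_GROUPS.get(row["role"], set())
        if extra:
            issues.append("unneeded groups: " + ", ".join(sorted(extra)))
        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_accounts(ACCOUNTS_CSV, date(2024, 7, 1)).items():
        print(user, "->", "; ".join(issues))
```
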
Check out these small business Security Guidelines from InfoSec-Simplified! http://www.infosecsimplified.com/smallbusinessguidelines
Please share this page if it helped! Any questions/comments/suggestions are always welcome!