In our modern society, cases of identity theft and data breaches have become the norm. Successful breaches are on the rise. Hackers are using new tactics to infiltrate networks and steal data from big and small businesses alike. As a business owner, it is your responsibility to invest in the most appropriate strategies to secure your network and your data. A successful breach of the network by hackers can expose confidential data and damage the reputation of your business. If your business relies on a functional computer network and the data stored on it, you should exercise extreme caution to prevent cybercriminals from exploiting vulnerabilities in your infrastructure and successfully breaching the network. This guide provides the 5 best ways to protect your business data to prevent a successful breach of your network.
1. Use Strong Passwords
Every security policy requires a proper password management strategy. You should always create strong passwords for all of your accounts. Don’t ever use the name of your business or your date of birth as a password. You need a sophisticated password strategy that includes numbers, letters (both uppercase & lowercase), and special characters. Passwords should be at least 8 characters long. Such a strategy will make it difficult for hackers to randomly guess user passwords. In addition, you should change your passwords on a regular basis, preferably every 90 days at a minimum. Company policy should also dictate that old passwords cannot be reused when employees are forced to change them. A best practice would be to implement a password policy that remembers the last 24 passwords used by an employee user account. All of this can be automatically enforced with technology by setting up a password policy on your company’s domain controllers.
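The rules above (8-character minimum, four character classes, no business name, 24-password history, 90-day rotation), expressed as an added Python example; it is not code from this article, and the `PasswordPolicy` class and its method names are hypothetical. The history keeps salted PBKDF2 digests, so reuse can be detected without storing old passwords in plaintext.

```python
import hashlib
import hmac
import os
import string
from collections import deque
from datetime import datetime, timedelta

MIN_LENGTH = 8                 # minimum length stated in the article
HISTORY_DEPTH = 24             # remembered passwords stated in the article
MAX_AGE = timedelta(days=90)   # rotation interval stated in the article


def _digest(password: str, salt: bytes) -> bytes:
    # Slow salted hash: the history never holds a plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordPolicy:
    """Hypothetical per-account policy object (illustration only)."""

    def __init__(self, banned_words):
        self.banned = [w.lower() for w in banned_words]  # e.g. business name
        self.history = deque(maxlen=HISTORY_DEPTH)       # (salt, digest) pairs
        self.changed_at = None

    def violations(self, candidate: str) -> list:
        problems = []
        if len(candidate) < MIN_LENGTH:
            problems.append("too short")
        classes = (string.ascii_lowercase, string.ascii_uppercase,
                   string.digits, string.punctuation)
        if not all(any(c in cls for c in candidate) for cls in classes):
            problems.append("missing character class")
        if any(w in candidate.lower() for w in self.banned):
            problems.append("contains banned word")
        if any(hmac.compare_digest(_digest(candidate, salt), old)
               for salt, old in self.history):
            problems.append("reused password")
        return problems

    def set_password(self, candidate: str, now: datetime) -> list:
        problems = self.violations(candidate)
        if not problems:
            salt = os.urandom(16)
            self.history.append((salt, _digest(candidate, salt)))
            self.changed_at = now
        return problems

    def expired(self, now: datetime) -> bool:
        return self.changed_at is None or now - self.changed_at >= MAX_AGE
```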
To make it even more difficult for would-be digital assassins, consider implementing Two-Factor Authentication (2FA). This is an additional layer of security that works in tandem with your username & password. A 2FA security solution requires that you enter a special one-time access code after you enter your username and password. The 2FA one-time access code is randomly generated on a device that you own and currently have in your possession. Without it, the user cannot complete the login process. So, even if a hacker obtains your username and password, they still would not be able to log in as you because they won’t have the device required to generate the one-time access code. That is the strength and beauty of adding 2FA to your security stack and something every business should be using in today’s world.
2. Backup Your Data
Data backup is an essential part of any good security solution, especially in today’s world where data can be encrypted automatically by ransomware infections. A basic backup solution would be to simply copy your files to an external backup device, like a USB hard drive or a network-attached storage (NAS) device. For maximum protection and recovery, it is critical that your business implement a full-featured backup & disaster recovery (BDR) solution. Such a solution would allow you to encrypt your data during the backup process and then copy it to an onsite storage device and then to an offsite storage location in the cloud.
Backing up your data to an onsite storage device allows for faster recovery of files, especially if your business has a slow Internet connection. The beauty of an advanced BDR solution is that if your onsite backup fails, or is stolen or lost in a fire, for example, you can still recover your data from the cloud-based copy of your backup files. A good rule of thumb – NEVER have just one copy of your backup. That’s a recipe for disaster! And be sure to test your backups on a regular basis to confirm that data can be recovered.
Learn more about our full-featured BDR solution and how we can help protect your company from catastrophic data loss.
3. Install Antivirus Software
Seasoned hackers can easily infiltrate a company network by sending specially crafted email messages that include malicious links and file attachments. Those types of email messages are known as “phishing” messages because they contain “bait” that the hacker hopes will fool your employees into clicking or opening. An untrained employee will often take the bait and click on the link or open the file attachment. The malicious email messages are often designed to appear as legitimate messages from people and businesses that you know and trust. The file attachments they contain are infected with a virus just waiting to be unleashed upon your network.
Your first line of defense for something like that is to deploy a robust and up-to-date antivirus software application to all devices on your network. This includes having a gateway antivirus solution on your company’s firewall that can catch viruses before they enter your network. Take it a step further and incorporate cloud-based email security and filtering solutions that can catch viruses before they even have a chance to make their way to your firewall.
In the early days of the Internet having basic antivirus software was all you needed to make sure that hackers could not infect your computer with a virus. That’s not the case in today’s world and if you’re relying on free antivirus solutions available on the Internet you might as well not even have antivirus installed. Why? Because threats have become more advanced. Hackers have become more intelligent and their methods more elusive. Even novice hackers, known as “script kiddies”, are able to purchase hacker tools on the dark web and launch attacks against any target they choose. Your business needs more advanced protection – the kind of protection we provide in our Managed Security Services.
4. Install A Firewall
One of the best ways to plug a majority of network vulnerabilities is to install, and properly configure, a business-class corporate firewall. By default, all inbound traffic to your company network should be denied. Create access rules for inbound network access on an as-needed basis only. And for users who need remote access to your network, be sure to set up VPN connections for them to secure the inbound connection. Your firewall, or other VPN device, should never allow the VPN client software to remember usernames and passwords. That would make it easier for an attacker to successfully penetrate your company network using a stolen laptop, for instance.
Many companies fall short in their network security strategy by allowing all outbound access from their corporate network to flow unrestricted. In addition to restricting inbound traffic to your network you should also make it a point to restrict, and tightly control, outbound access from your network to the Internet. By allowing your employees to make uncontrolled and unmonitored outbound connections to the Internet you are opening up your business to a massive amount of exposure from the outside.
With a business-class corporate firewall you can also purchase add-on security services that provide additional layers of protection beyond what just the firewall alone can provide. In today’s advanced world your business needs a next-generation firewall with security services that can protect the connection at all layers of the OSI model. Our Fireshield managed firewall service is designed to do exactly that.
5. Employee Training
Make it a priority to train and educate your employees about potential cybersecurity threats because, like it or not, people are the weakest link in your security plan. Security training should be a major priority in your business especially if your company is subject to federal compliance requirements like HIPAA. Your employees should be thoroughly trained to understand the differences between safe and unsafe network and online activities. Be sure to have an Acceptable Use Policy that clearly defines what is, and is not, allowed when it comes to your company’s corporate policies pertaining to proper use of the company network and the data and devices on it.
Employees should not be allowed to share the company’s data with anyone outside of the organization unless it’s required for business. Visitors should not be allowed to access the company’s server room or any other part of the office that contains network devices. This restriction should also apply to your employees unless they are members of the IT department or any other department that has a viable reason for accessing those rooms.
Technology can be configured to keep employees accountable but in the end your employees need to be properly trained. Don’t allow employees to use personal devices on your corporate network unless you have some way to monitor and control them. The best strategy in terms of network security is to not allow any personal devices to access your corporate network. If you are going to allow employees to use their personal devices on your network then consider segmenting your internal network so that personal devices are forced to operate in a zone that does not have direct access to your company’s data.