As business owners, we see the headlines every day. Data breaches aren’t going away and hackers are getting better at their jobs. That’s why safeguarding your company data is more important than ever. Small and medium-sized businesses have become big targets for hackers because cyber criminals know that many don’t have the same sophisticated safeguards in place that larger businesses do. This makes smaller firms easier targets.
But, it doesn’t have to be this way. There are plenty of ways that small and medium-sized businesses can bolster their security and make it harder for hackers to break through. It starts with evaluating your security policies and ensuring you are doing the right things, in the right way.
Check out our list of best practices for data security and see how your business stacks up.
Reduce Vulnerabilities from Remote Users
One of the biggest vulnerabilities on your network comes from executives or employees that access your network remotely. Cloud computing and convenient Wi-Fi access in every coffee shop has made it easier than ever to work from anywhere. That’s why it’s important to establish habits and guidelines for remote work that keep your network and data as safe as possible.
Use Secure VPN
Anyone who accesses the network remotely should do so using a secure connection called a virtual private network (VPN). VPNs enable your employees to secure and encrypt their communications and are especially useful when accessing the internet from public Wi-Fi hotspots that are not secure.
Connecting via a VPN requires that remote workers install VPN software on any computer that they use to access your network. The software is easy to install and use and adds peace of mind, while allowing employees to be productive offsite.
Don’t Store Data on Personal Computers/Company Laptops
In order to prevent sensitive company data from falling into the wrong hands, it’s important that data only be stored in approved locations. Cloud services, covered later in this post, are a great place to store work files, PowerPoint presentations, or any other work product.
Be sure to establish strict policies about where data can and should be stored. Employees should not be permitted to store data on their personal computers, since that information is not available on the network or backed up securely. Company information should also not be stored on company laptops since they can be stolen, leading to increased vulnerability.
Create an Acceptable Use Policy
One of the gravest risks to your network security is the people who use that network every day. That’s why it is so important to draft a comprehensive acceptable use policy that clearly defines how network resources should and should not be used.
Without guidelines, your employees could download unsafe software that can introduce viruses, malware, and even ransomware to your network and computers.
Every employee you hire should read, sign, and date your acceptable use policy before they are assigned login credentials on your network.
Your acceptable use policy should include:
Prohibited Activities
It is not enough to say that inappropriate uses of the network are prohibited. Instead, clearly spell out prohibited activities. Make sure you specify as many inappropriate uses as possible. For example, you might include types of prohibited websites (i.e. – pornography, gambling, gaming, cryptocurrency, etc.), or other prohibited activity such as software downloads or personal social media activity.
BYOD (Bring Your Own Device) Guidelines
Clearly outline if employees are allowed to connect personal devices to the network and the guidelines for doing so. You might also outline if and how company information will be stored on these devices.
Software Applications
List acceptable software applications that are permitted to be used by those on the network. You can also define applications that are not to be downloaded or used under any circumstances.
Enforcement Policy
Your acceptable use policy will only be effective if you plan how it will be enforced. Just because employees sign an agreement does not mean they will follow it. You must define the consequences of policy violations in advance, so employees know what to expect when they don’t follow the rules. Avoid rigid penalties and one-size-fits-all disciplinary structures. Instead, tailor penalties to fit the severity of each violation.
Finally, though your acceptable use policy will likely contain legal terminology, make sure it is clear enough to be read by a layperson. You want employees to read and understand the guidelines before they sign it.
Use an Off-Site Backup System
It is imperative to have a dependable and reliable backup system that saves your critical data to an off-site location each and every day. This safeguards your data in case a fire, theft, or natural disaster affects your main office location.
Depending on the size of your business and the information you need to safeguard, there are many solutions to consider. The best and most reliable is a cloud-based backup system that saves your data to multiple data centers and is available through the cloud. Smaller businesses might also maintain a dedicated backup drive that is taken home each evening and maintained off site.
Download the Latest Security Updates
While it may seem simple, you would be surprised at the number of systems we see that do not have the latest security updates installed. It is absolutely essential to perform these updates on a regular basis to minimize computer problems, prevent network slowdowns, and patch security holes that leave your network vulnerable to attack.
Be sure you are performing regular updates for all of the software on your system. Software updates often include patches that close security loop-holes or introduce new features that make your system run more securely. These updates need to be run on a continual basis to stay ahead of the latest security threats.
Utilize the Right Cloud File Sharing Tools
Cloud services have given businesses unprecedented access to information across locations, increasing productivity across the board. However, instant access to information via the cloud also means that data is vulnerable to being hacked or stolen, when it is not properly secured. For this reason, we advise against using consumer-grade services such as Dropbox or Google Drive to store important company data. The risk of data loss, theft, or hacking is just too great.
Instead, establish a business-grade cloud file sharing application and store all of your important files there. Don’t forget to establish backup systems for this data as well, as described above in the offsite backup section.
Also, be sure that employees do not store sensitive documents or company files in their own personal Dropbox or Google Drive.
One of the best ways to get started with cloud computing, especially for small or medium-sized businesses, is using Microsoft Office 365, which also includes OneDrive storage.
Ongoing Education
In addition to all the safeguards we’ve outlined in this post, your best defense to keep your data and network safe is ongoing education for everyone in your organization from the CEO on down. It is important that everyone understands the impact they have on company security.
All employees need to be trained on how to recognize and avoid potential security threats such as phishing attacks, unauthorized software downloads, or other behaviour that can leave your network open to hackers. While your employees are often one of your biggest vulnerabilities when it comes to data security, proper training can turn them into one of your best assets for safeguarding your network and your data.
So, how well is your company safeguarding the precious data on your network? Do you need help navigating the ever-changing security landscape? Based in Toronto, Ontario, Technical Action Group’s technology experts are here to help safeguard your vital business data. Just call 416-489-6312 or visit our site to schedule a free network evaluation.