How to secure your data in all environments
DC the Computer guy
The constant threat of cyber attacks brings many concerns to business owners. Among the things that keep me awake at night are ensuring that our own and our clients’ data is secure and available, whether in the office or working remotely. I imagine this is true for many small business owners and managers. Having important data and emails always available to the workforce while maintaining network security is a challenge that we all must face, especially now.
At CLARK, we have a mobile workforce out of necessity. Our technicians need to be able to access information and emails while at customer sites. To ensure that CLARK’s data is secure, I have to be concerned with security wherever they are located.
IT ALL STARTS WITH POLICY
At CLARK, we have, out of necessity, established a policy that our information and systems can only be accessed by devices that are owned by Clark Computer Services. Understandably, not all small businesses are in a position to purchase mobile devices and so must rely on employees to use their personal devices. The potential security risks that come with this make it even more important to ensure that all computers with access to your business’s systems meet minimum standards for security before gaining access.
A well-written policy outlines the requirements that a personal computer must meet before this access is granted.
Among the more basic requirements are separate work and user accounts that are password protected, a good and updated antivirus program, lockout periods, and lock screens on wake-up.
As you can see, just managing these requirements on someone’s personal computer can be extremely challenging. Therefore, it is my recommendation – if you are in the position to do so – to restrict access to business systems and information to only computers and devices that your business owns. And if your business is required to follow government regulations such as HIPAA or CJIS, then it is critical that you ensure sensitive data is only accessed by devices owned by you.
ANTIVIRUS IS VITAL
Securing any device starts with ensuring it has antivirus and is continually updated. Believe it or not, we still see computers come into our shop without any antivirus at all. Others come in with antivirus installed, but it is turned off or expired. And then there are those that have gone months or years without any definition updates.
With a good managed service provider on your side (like CLARK), making sure that your company’s computers have current antivirus solutions being monitored for risks is easy, but when the computer is not owned by you or being properly managed, that task becomes almost impossible. Here at CLARK, we recommend buying business-class antivirus that alerts you when the agent hasn’t checked in or completed updates. That way, if your employee’s computer encounters a virus, even while away from the office, you’ll be alerted.
Using business-class antivirus relieves you of worry, allowing you the comfort of knowing your information is secure!
UPDATE. UPDATE. UPDATE.
I cannot say this often enough. Make sure your employees apply all updates, not only to operating systems like Windows but also to business applications like Microsoft Office. Not applying updates makes your computers vulnerable, and cybercriminals are targeting vulnerabilities! Software companies are constantly finding exploits and providing security patches to protect you. I recommend reminding your employees at least monthly to apply all updates and ask for email confirmation when they have been completed.
If employees work from home, ask them to verify that their home network is protected by a firewall. The purpose of a firewall is to protect networks from intruders. A firewall is necessary whether it’s your business network or a home network. Many internet providers – like Comcast and Verizon – have firewalls built into the router/modem that they provide, but some leave it up to their clients to purchase their own firewall.
At CLARK, we advise asking each employee to check with their internet service provider to see if their network is protected with a firewall before allowing for work from home.
Note: Windows comes with a built-in firewall, and you should make sure it is enabled on any device that accesses your systems. While not a replacement for a firewall that protects the entire network, it is a necessary layer of protection. I’ve seen too many computers with the firewall disabled, very often as a shortcut to solving a problem. By the way, disabling a firewall is never an acceptable solution!
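The checks described above (firewall enabled, antivirus on and up to date, updates applied) can be verified on a Windows device with a short script. This is an added example, not a CLARK tool; the two age thresholds are assumptions, and the antivirus check covers Microsoft Defender only.

```powershell
# Added example: baseline check for a Windows device before it is granted access.
# Both thresholds are assumptions chosen for illustration, not values from the article.
$MaxSignatureAgeDays = 3     # assumed limit for antivirus definition age
$MaxPatchAgeDays     = 35    # assumed limit: about one monthly update cycle

$findings = @()

# 1. Windows Firewall must be enabled on every profile (Domain, Private, Public).
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ([string]$fwProfile.Enabled -ne 'True') {
        $findings += "Firewall profile '$($fwProfile.Name)' is disabled"
    }
}

# 2. Antivirus must be on, with real-time protection and recent definitions.
#    Get-MpComputerStatus reports Microsoft Defender only.
try {
    $av = Get-MpComputerStatus -ErrorAction Stop
    if (-not $av.AntivirusEnabled)          { $findings += 'Antivirus is turned off' }
    if (-not $av.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if ($av.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Antivirus definitions are $($av.AntivirusSignatureAge) days old"
    }
} catch {
    $findings += 'Defender status unavailable; verify the installed antivirus manually'
}

# 3. A Windows update must have been installed recently.
#    Get-HotFix lists Windows updates only, not Microsoft Office patches.
$lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch) {
    $findings += 'No installed Windows updates found'
} elseif (((Get-Date) - $lastPatch.InstalledOn).Days -gt $MaxPatchAgeDays) {
    $findings += "Last Windows update was installed on $($lastPatch.InstalledOn.ToString('yyyy-MM-dd'))"
}

if ($findings.Count -eq 0) {
    Write-Output 'PASS: device meets the baseline'
} else {
    $findings | ForEach-Object { Write-Output "FAIL: $_" }
    exit 1
}
```

The non-zero exit code on failure lets a management agent or scheduled task flag the device automatically.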
BACKUP. BACKUP. BACKUP!
Controlling computers in the workplace is much easier than remote devices, especially when it comes to backups. At CLARK, we use cloud technologies that allow us to work off a central system, whether at a client site, working from home, or in the office, but that’s not true for all businesses. If your business hasn’t adopted cloud technologies, employees are likely to share data through email and external devices, and save the files locally, making it impossible to control your data.
If this is the case, it’s critical to have these computers backed up regularly, otherwise you’re a hardware failure away from losing potentially critical information. We strongly recommend utilizing cloud-based backups. Before you ask, yes, using cloud-based backups can be extremely safe and secure. In fact, it is more reliable and secure than local backups – especially if you experience a catastrophic event such as a fire.
NO PORT FORWARDING
If your workforce connects remotely to access files and systems, such as your finance server, it’s likely through a Virtual Private Network, or VPN. In this type of network, the VPN tunnels are encrypted connections from their computer to your business network – the encryption keeps cybercriminals from eavesdropping on your electronic communication. In the olden days, IT technicians commonly allowed traffic into the business network through a process called port forwarding. That was before cybercriminals learned how to easily find and exploit this method of remote access.
Today it is considered dangerous and simply should not be used. When you allow traffic into your network this way, you are allowing free access to anyone anywhere in the world – not a wise decision.
CYBER AWARENESS TRAINING
At CLARK, we cover cybersecurity topics weekly in our staff meetings. I feel that covering one topic each week increases our overall awareness and encourages best practices, not only for keeping our own devices secure but also for advising our clients on how to keep theirs secure.
Incorporating security information into meetings is easy, and that constant drip of security awareness really improves the odds of keeping information safe. You can achieve the same result with a weekly email. The key is to be consistent and informative without being overwhelming – something as simple as reading and forwarding a cyber-threat article each week. If you want to know how to get started, Google: security awareness email to employees.
DO THIS ONE THING NOW!
Implement Multi-Factor Authentication (MFA) wherever possible. A lot of businesses today have at least some of their systems in the cloud, like Office 365, Dropbox, or a business management system. MFA provides another layer of protection and has been shown to reduce threats like phishing attacks by 99%. Doing this one thing gives you tons of protection!
Small business has evolved a lot in the past few years. Cyber attacks are no longer concerns only for big corporations, and working from home remains much more commonplace than ever before. Taking the steps now to ensure that your business information is safe, regardless of where your workforce is located, will help you sleep at night. It’s well worth the time, effort, and cost!
President And Owner
I left big business to start Clark Computer Services in 2003; not because I had a grand vision, but because I had three young children who needed their Dad around. Knowing I had to replace my salary, I went door-to-door visiting small businesses to introduce myself and ask if they needed IT support. I heard story after story from business owners and office managers about IT companies not returning calls and emails, grumpy technicians showing up late or not at all, and systems being down for days, weeks, and in some cases…months. I realized quickly that there was a clear and pressing need for reliable, honest, and professional IT support completed pleasantly and on time.