Some people in IT believe that if you simply follow 'the steps' you are told to follow, you will always be safe and secure.

As the years have passed, however, attackers have become more aggressive, and small companies have become a more common target because they are often the easiest ones to breach.

Many small businesses look at security purely as a balance between reducing risk and still being able to use their systems. Believe it or not, the most secure system is the one that is powered off and disconnected. The problem is that you can't do business on a computer you can't turn on and use.

Even so, customers tend to hesitate at suggestions from IT providers, especially once cost is mentioned. Yet the cost of the controls is small next to the hit you take when a serious incident happens. Once a customer fully understands the damage that could be involved, the price doesn't seem so expensive anymore.

In the end, it comes down to this: good cybersecurity starts with great IT. Yet many small businesses lack that critical, customized care.

Most business owners believe that if their IT department or provider responds to requests in a timely manner, that provider is 'good enough'.

But if your IT people are responsive yet aren't having regular conversations with you about what assets you have, what condition they are in, and what needs to be done to improve their security posture, then your risk has only increased.

Here are three steps you can take to put better practices in place and protect yourself and your company from security threats.

The 3 Steps

First: Make sure the basics are solid and actually enforced: antivirus, a firewall, a patching process with a named owner who is accountable for it, and a password policy that is applied to every account.

Second: Make sure your backups can actually restore your environment when something goes down or is lost, and run a test, a fire drill, of those backups rather than assuming they work.

Third: Ask the simple question: how quickly can your team get everything restored? This isn't just a test of whether one file restores; you need to confirm that everything restores and that everything works once it's back. It's better to work out recovery kinks now, without the pressure of an actual outage or crisis. In an emergency you don't want to discover that your different software pieces don't work together, especially in a full recovery. The end goal is for everything to come back up as expected. Sometimes the backup process itself will need to change to make recovery work, and you will only find that out by testing it first.
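Here is what a scripted restore drill can look like in practice. This is an added example written for this page, not code from the original post or from Groff Networks: it backs up a small constructed directory tree, restores the archive into a scratch location, checks every restored file against a hash manifest rather than spot-checking one file, and then runs an application-level check (here a stand-in that only confirms the restored config parses). The tree contents, file names and the `app_starts` check are assumptions made up for the demonstration.

```python
# Added example: a full-restore drill with manifest verification.
# Not from the original post; the sample tree and checks are constructed.
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(src: Path, archive: Path) -> Path:
    """Archive src and write a manifest beside it; the manifest is what the drill checks against."""
    manifest_path = archive.with_name(archive.name + ".manifest.json")
    manifest_path.write_text(json.dumps(build_manifest(src), indent=1))
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return manifest_path


def restore_archive(archive: Path, scratch: Path) -> None:
    """Extract into scratch, refusing any member that could escape the scratch directory."""
    with tarfile.open(archive, "r:gz") as tar:
        for m in tar.getmembers():
            if m.name.startswith("/") or ".." in Path(m.name).parts or m.issym() or m.islnk():
                raise ValueError(f"unsafe archive member: {m.name}")
        tar.extractall(scratch)


def verify_restore(manifest_path: Path, scratch: Path, functional_check) -> dict:
    """Compare every restored file to the manifest, then run the application-level check."""
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(scratch)
    missing = sorted(set(expected) - set(actual))
    extra = sorted(set(actual) - set(expected))
    corrupted = sorted(p for p in expected if p in actual and actual[p] != expected[p])
    files_ok = not (missing or extra or corrupted)
    app_ok = files_ok and bool(functional_check(scratch))  # no point testing the app on bad files
    return {"missing": missing, "extra": extra, "corrupted": corrupted,
            "files_ok": files_ok, "app_ok": app_ok, "passed": files_ok and app_ok}


def demo() -> dict:
    """Constructed sample: back up a small 'app' tree, run the drill, then damage one restored file and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "src" / "app"
        src.mkdir(parents=True)
        (src / "config.json").write_text('{"db": "inventory", "port": 5432}')
        (src / "data.bin").write_bytes(os.urandom(4096))
        archive = tmp / "nightly.tar.gz"
        manifest = take_backup(tmp / "src", archive)

        def app_starts(root: Path) -> bool:
            # Stand-in for "does the service come up on the restored data" (assumption for the demo):
            # the config must parse and name a database.
            cfg = json.loads((root / "app" / "config.json").read_text())
            return bool(cfg.get("db"))

        scratch = tmp / "restore"
        restore_archive(archive, scratch)
        clean = verify_restore(manifest, scratch, app_starts)
        # Simulate a truncated data file: the kind of silent failure only a full verification catches.
        (scratch / "app" / "data.bin").write_bytes(b"")
        damaged = verify_restore(manifest, scratch, app_starts)
        return {"clean": clean, "damaged": damaged}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

In a real drill the functional check is the part that takes effort: start the restored database, bring up the application against it, and log in. The manifest check alone tells you the bytes came back; only the functional check tells you the business can run on them.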

Additional tips and security tricks

MFA (multi-factor authentication): First, make sure everyone in your company is on the same page. Everyone should use a strong, unique password and then set up a second form of verification: typically a code sent to you by email or text message that you enter to prove it's really you. Yes, we all know it's a pain to do one more step to log in. But it's needed to protect your identity, and it stops an attacker who has only stolen your password. One caveat: codes delivered by text message or email are far better than nothing, but an authenticator app or a hardware security key is stronger, because phone numbers and email accounts can themselves be hijacked.
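To make concrete what the "code sent to you" step has to get right on the server side, here is an added example (not code from the original post or from Groff Networks) of issuing and verifying a one-time code. The important details are the ones a naive implementation misses: the code is generated from a cryptographic random source, only a keyed hash of it is stored, it expires, it is single-use, it has a limited number of guesses, and the comparison is constant-time. The actual delivery by SMS or email is outside the example and is assumed to be handled by a separate sender; the server key is generated per process here purely for the demonstration.

```python
# Added example: server-side handling of an out-of-band one-time code.
# Not from the original post. Delivery (SMS/e-mail) is assumed external.
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300          # a code is good for five minutes
MAX_ATTEMPTS = 5                # then the challenge is discarded
SERVER_KEY = secrets.token_bytes(32)  # assumption: in production load this from a secret store


def _hash_code(user: str, code: str, issued_at: int) -> bytes:
    # Store a keyed hash, never the plaintext code, so a database read does not leak live codes.
    msg = f"{user}:{issued_at}:{code}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


class OneTimeCodeService:
    def __init__(self, now=time.time):
        self._now = now                 # injectable clock so expiry can be tested
        self._challenges = {}           # user -> [digest, issued_at, attempts]

    def issue(self, user: str) -> str:
        """Create a 6-digit code for `user`, record its hash, and return the code for the sender."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, uniform over 000000-999999
        issued_at = int(self._now())
        self._challenges[user] = [_hash_code(user, code, issued_at), issued_at, 0]
        return code   # hand this to the SMS/e-mail sender (assumed external to this example)

    def verify(self, user: str, submitted: str) -> bool:
        """Accept only an unexpired, unused code within the guess budget that matches the stored hash."""
        entry = self._challenges.get(user)
        if entry is None:
            return False
        digest, issued_at, attempts = entry
        if self._now() - issued_at > CODE_TTL_SECONDS:
            del self._challenges[user]      # expired: the user must request a fresh code
            return False
        if attempts >= MAX_ATTEMPTS:
            del self._challenges[user]      # guess budget exhausted: 1-in-a-million odds stay that way
            return False
        entry[2] += 1
        ok = hmac.compare_digest(digest, _hash_code(user, submitted, issued_at))
        if ok:
            del self._challenges[user]      # single use: replaying a captured code fails
        return ok


if __name__ == "__main__":
    svc = OneTimeCodeService()
    code = svc.issue("alice")
    print("sent code", code)                 # in reality this goes out by SMS/e-mail
    print("first use:", svc.verify("alice", code))
    print("replay:", svc.verify("alice", code))
```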

User training and awareness: The biggest threat to your business sits between the keyboard and the chair, a.k.a. your own employees. They need to be trained and regularly tested, for example with simulated phishing emails. Many attacks are stopped simply because an email user recognizes the bait and reports it instead of clicking.

Backups: If the backup testing above is too cumbersome with your current tools, consider a more robust recovery system. The first question to ask is: is it ransomware aware? You don't want a backup system that simply replicates whatever is on the file server, because once ransomware encrypts those files the backup faithfully copies the encrypted versions over the good ones, and you can't recover from that. Look for versioned or immutable copies that a compromised machine on the network cannot overwrite, and for at least one copy kept offline or otherwise out of reach of a compromised account.
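As an added illustration of what "ransomware aware" can mean at the file level (this is example code written for this page, not the original post's or any vendor's product logic), the following backup job keeps every run as a separate snapshot instead of overwriting the previous one, and before copying it compares each changed file with its last backed-up version. A file that used to be ordinary, low-entropy data and has suddenly become high-entropy random-looking bytes is what an encrypted-in-place file looks like; when most files in a single run change that way, the job refuses to run and leaves the last good snapshot untouched. The share contents, thresholds and the simulated ransomware are constructed for the demonstration; legitimately high-entropy files such as photos or zip archives are not flagged because the check only fires on a low-to-high change.

```python
# Added example: a versioned backup job that detects a mass encrypt-in-place
# event and refuses to overwrite the last good copy. Not from the original post.
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path
from typing import Optional

ENTROPY_ENCRYPTED = 7.5   # bits per byte; encrypted or compressed data sits close to 8.0 (assumed threshold)
MASS_CHANGE_RATIO = 0.5   # abort if more than half the files flipped to encrypted-looking in one run (assumed)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for a single repeated byte, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    with path.open("rb") as f:
        return shannon_entropy(f.read(65536)) > ENTROPY_ENCRYPTED


def file_digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup_run(src: Path, dest: Path, run_id: str, prev_run_id: Optional[str]) -> dict:
    """
    Copy src into dest/run_id as a new snapshot; earlier runs are never overwritten.
    A changed file that was low-entropy in the previous run and is high-entropy now
    is counted as suspicious. Too many of those in one run and the job aborts.
    """
    files = [p for p in sorted(src.rglob("*")) if p.is_file()]
    suspicious = []
    for p in files:
        rel = p.relative_to(src)
        before = dest / prev_run_id / rel if prev_run_id else None
        if before is not None and before.exists() and file_digest(before) != file_digest(p):
            if looks_encrypted(p) and not looks_encrypted(before):
                suspicious.append(rel.as_posix())
    if files and len(suspicious) / len(files) > MASS_CHANGE_RATIO:
        # Do not copy anything: the previous snapshot is now the last known-good copy.
        return {"run": run_id, "status": "aborted", "suspicious": suspicious, "copied": 0}
    for p in files:
        target = dest / run_id / p.relative_to(src)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)
    return {"run": run_id, "status": "ok", "suspicious": suspicious, "copied": len(files)}


def demo() -> dict:
    """Constructed sample: a small share is backed up, then 'encrypted', then backed up again."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src, dest = tmp / "share", tmp / "backups"
        src.mkdir()
        for i in range(4):   # ordinary documents: low entropy
            (src / f"invoice{i}.txt").write_text(f"Invoice {i}\nTotal due: ${100 * i}\n" * 300)
        (src / "photo.jpg").write_bytes(os.urandom(8192))   # legitimately high-entropy file, never changed
        first = backup_run(src, dest, "run1", None)
        # Simulated ransomware: each document is replaced by random bytes of the same size.
        for p in src.glob("invoice*.txt"):
            p.write_bytes(os.urandom(p.stat().st_size))
        second = backup_run(src, dest, "run2", "run1")
        intact = (dest / "run1" / "invoice0.txt").read_text().startswith("Invoice 0")
        return {"first": first, "second": second, "last_good_intact": intact}


if __name__ == "__main__":
    print(demo())
```

The entropy heuristic is deliberately simple and will not catch every strain (some ransomware encrypts only part of each file, or renames files), so it complements rather than replaces immutable snapshots and an offline copy. What the example is meant to show is the design point: a backup that can detect trouble and refuse to overwrite good data, instead of one that copies whatever it is given.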

Dedicated proactive process: You want responsive IT, but responsiveness alone isn't enough; you also need accountability. Good IT hygiene starts with a dedicated process, person or role whose job is to look ahead and prevent future issues. The person chasing today's problems can't be fully effective at preventing tomorrow's if it's the same person. The lowest-hanging fruit might get addressed, but over time prevention has to become a dedicated, recurring review of where you stand and what further practices need to be put in place. Every company needs a solid, dedicated process it can rely on.

Executive-level input: As a leader, you need to know what your risks are. You need the facts (regular analysis and maintenance reports) and you will need guidance on some of the decisions. Some of this can come from the IT department, but the real question is: are you getting someone qualified to talk at the business level you need about the impact of technology?

Let's get in touch

If you need help putting a proactive IT strategy together, give Groff Networks a call at 518-320-8906. We would be glad to point you in the right direction, even if it never benefits Groff Networks. In the end, we are here to help reduce your security risks and put in place a dedicated process that's right for you and your business.