By our friends at Chill IT
…Not the physical type, where locks and alarms and cameras can help protect your premises, but IT security, easier to underestimate because you cannot actually see it at work.
IT security is a very complex field, and it should be seen as a spectrum, just like physical security. And just like physical security, you should consider the minimum standard below which risk becomes unacceptable. Let’s look at simple measures to get your business at least to that level.
There are different schools of thought regarding regular password changes: those against them claim that frequent changes lead to the choice of easier passwords, while those in favour claim that changing regularly makes it harder for brute force attacks to crack the password. Regardless, nobody argues against the importance of complex passwords – really complex. Forget using @ instead of the letter a, or 3 instead of the letter e, just make stuff up! Use symbols, chuck a capital letter or two in the middle, add a sprinkle of numbers, and your passwords will be almost un-crack-able – unless you share one (you shouldn’t), in which case you will have to do it all over again. It goes without saying that no password should be used more than once – a password manager can help with that.
Multi factor authentication
Although it can sometimes be annoying to have to confirm a login by entering a code received on your mobile, or by answering additional questions, it adds a very important level of security. It is a bit like locking the door on the way out instead of just pulling it shut – worth the extra step!
Does everybody in the company have download rights and permission to modify settings? Best practice is to restrict admin access as much as possible, as a key to maintaining control of the network and reducing risk.
This should be a chapter in itself but, to make a long story short, backups should definitely be:
- Scheduled regularly
- In multiple copies on different media and in different locations
- Monitored and tested to confirm success and veracity
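The three backup points above, as an added example that is not part of the original article: a Python check that every backup copy exists, is recent, and matches the checksum of the original. The 26-hour freshness window, the two-copy minimum, the file names and the use of file modification time as the backup time are assumptions.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

MAX_AGE_HOURS = 26  # assumption: nightly schedule plus some slack
MIN_COPIES = 2      # assumption: at least two verified copies required

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_backups(expected_sha256, copies, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = now or time.time()
    problems, good = [], 0
    for copy in map(Path, copies):
        if not copy.is_file():
            problems.append(f"{copy}: missing")
            continue
        age_h = (now - copy.stat().st_mtime) / 3600
        if age_h > MAX_AGE_HOURS:
            problems.append(f"{copy}: stale ({age_h:.0f}h old)")
        elif sha256_of(copy) != expected_sha256:
            problems.append(f"{copy}: checksum mismatch")
        else:
            good += 1
    if good < MIN_COPIES:
        problems.append(f"only {good} good copies, need {MIN_COPIES}")
    return problems

def demo():
    """Constructed sample: one good copy, one corrupted, one stale, one missing."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        data = b"accounts database export (constructed sample)"
        expected = hashlib.sha256(data).hexdigest()
        (d / "nas.bak").write_bytes(data)
        (d / "usb.bak").write_bytes(data[:-1] + b"X")  # silent corruption
        (d / "old.bak").write_bytes(data)
        old = time.time() - 72 * 3600                  # three days old
        os.utime(d / "old.bak", (old, old))
        paths = [d / n for n in ("nas.bak", "usb.bak", "old.bak", "cloud.bak")]
        # Strip the temporary path prefix so the result is stable
        return [p.split(": ", 1)[-1] for p in check_backups(expected, paths)]

if __name__ == "__main__":
    print(demo())
```

A checksum match only shows the copy is intact; a periodic test restore is still what confirms the backup can actually be used.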
Not all antivirus products are equal, so choosing the right product for the job is paramount to ensure maximum protection; antivirus should also be monitored for prompt action if needed, and regularly updated to cover the always-evolving threats.
A firewall can be either software or a hardware device, and it acts as a filter for data both entering and leaving the network (or just a single computer). Like a security guard, it decides who enters or exits the premises.
Patching, patching, patching!
The importance of regular software updates cannot be overstated. Software vendors are always releasing patches as soon as they find a new weakness. The outbreak of the Crypto-Locker WannaCry in 2017 would have had a significantly smaller footprint had all machines been updated!
Contact the experts at Chill IT for a conversation around any of the above issues!