Information Technology and Business Success
Information Technology (IT) is an important factor contributing to business success, as it increases flexibility, efficiency, and productivity. Yet small businesses are common targets for hackers and are vulnerable to cybersecurity threats because criminals (often rightly so) assume that there may be few security controls in place. Therefore we encourage our clients to follow some basic protocols to help keep their data secure:
Training: Establish security policies for your workforce to follow, including Internet use guidelines. Train employees to understand the dangers of visiting unsafe websites, how to recognize phishing emails, and why they should not open an attachment or click on a link that is questionable or unexpected.
Protection: A firewall prevents outsiders from accessing data on your private network. Make sure your operating system’s firewall is enabled and properly configured. Anti-virus software should be installed with patches/updates kept up to date (scan after each update). Using the latest web browsers and operating systems helps defend against viruses, malware, and other threats. Beyond that, only select employees should be able to install software.
Passwords: Each user should have unique credentials (user name, password), which they are required to change/refresh every quarter. Require passwords that contain a combination of numbers, letters, and characters. Discourage employees from using the same password for multiple sites and systems.
Wifi: Have both a public and a private wi-fi network. The private network should be secure and encrypted. Hide your private network so that the network name (SSID) is not broadcast.
Need to Know: Be stingy when it comes to assigning administrative privileges. While it’s easiest to just “let everyone have access to everything,” enable restrictions that limits data access only to those employees who have a legitimate need for the data type/system.
Restrict Access: Prevent computers from being used by unauthorized individuals. Laptops and mobile devices are particularly vulnerable to theft, and should be secured (locked up) when not in use.
Suppliers & Vendors: Establish (and enforce) security policies for suppliers and vendors who have access to your company data. Meanwhile, when employees access company accounts (bank accounts, credit card accounts) on line, the most redundant and stringent security protocols should be enabled (multi-factor authentication).
Test & Back up: Test your systems and regularly back up your data. Audit your backups to make sure the data is not compromised. Securely store backups off site or in the cloud.
Don’t forget: these basic protocols apply to all devices: desktops, laptops, tablets, smart phones. Mobile devices, in particular, are often overlooked, and therefore are often a hacker’s go-to access point.
Please contact Mark Zinman, CITP, with any questions or comments at 215-357-2250 or email@example.com.