Sadly, tales of lost customer data are all too common these days. What’s more, business-critical devices like servers, laptops and desktops are increasingly being targeted by ne’er-do-wells who want to compromise and/or steal company data. But with these threats becoming increasingly sophisticated, how do organisations prevent thefts that may affect their own or their clients’ data? MT asked Symantec’s Andrew Douglas for his top tips.
1. Take security seriously
A recent Symantec study revealed that as many as one in four customers would take their business away from a supplier if there was a major IT outage that put private data at risk. IT security, or the lack thereof, can have a very real and significant impact on your business’ bottom line – so take it lightly at your peril. A variety of effective solutions are available on the market for prices that won’t cost the earth and could prevent the loss of some very valuable clients.
2. Share responsibility
These days the majority of employees have access to computers and the internet during their working day. As a result, every single employee can be at risk of inadvertently exposing IT security gaps, so it is important that everyone is aware of the dangers – and, most importantly, how to avoid them. Regularly educating employees on the latest emerging viruses, as well as sharing best practice guidelines about how to behave online, can ensure that there are no weak links in an organisation’s defence.
3. Build your defences
Defend all IT gadgets that link to the internet, including PCs, laptops and mobile devices, and ensure your security patches are up to date. In addition, your antivirus definitions and intrusion prevention signatures must also be updated regularly. Consider deploying a personal firewall to help control network traffic to any of the tech devices that have to access your network. Also, be sure to enable the security settings on web browsers, and disable file sharing.
4. Be strict about passwords
Encourage employees to develop strong passwords with at least eight characters, and a combination of numbers, letters, and special characters. Recent research has shown that people tend to use the same passwords every time they go online, which means more than 1.7m people are at risk of falling victim to internet fraud. Ensure your business isn’t at risk by changing all passwords every 45-60 days, to make it more difficult for intruders to access your data.
5. Beware of spam
Spam is the leading source of malicious software entering networks today. It not only diminishes productivity, but also puts a strain on storage and bandwidth requirements. Deploy anti-spam technologies at the mail gateway to proactively protect your environment and reduce the burden on your staff.
6. Prevent infection
All network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorised entry and malicious activity. Ensure any infected computers are immediately removed from the network and fixed as soon as possible. Also, create and enforce policies that identify and restrict applications that can access the network. To ensure they have the latest protection, small businesses should apply operating system and security software updates and patches as soon as they are released. In order to protect against successful exploitation of web browser vulnerabilities, upgrade all browsers to the latest versions.
7. Avoid the con-men
Cyber-criminals are preying on the public’s fear of IT infection and selling fake anti-virus software, commonly referred to as ‘Scareware’. Scareware pop-ups closely resemble legitimate anti-virus software, and are designed to trick people into downloading them. Scams such as this can net cyber-criminals profits of more than £850,000 a year – and as many as 93% of internet users download Scareware intentionally, believing they are doing the ‘right’ thing. Designate a single member of staff to be responsible for ensuring anti-virus software updates are downloaded for the entire company and are sourced from a trusted supplier.
8. Stay informed
Several companies publish reports that help define the threat landscape for small businesses. These reports can be found on their websites or through online searches. This is a great way to stay informed about what you’re up against.
9. Don’t forget physical security
There are a number of routine physical security tactics that employees within smaller businesses can use to help strengthen their companies’ security defences. These include: using the screen-locking feature when away from the computer, shutting the computer off when done for the day, locking laptops with a cable, not leaving passwords written down, and being mindful of the physical security of mobile devices and laptops (which are popular targets for theft).
10. Back up your data
For any number of reasons – disaster, human error, hardware failure, and so on – your IT system could be brought down. It is critical to back up important data regularly and store extra copies of this data off-site. Since tapes containing confidential customer or business data may be lost or stolen in transit, encrypting those backup stores is a good idea.
Andrew Douglas is Vice-President of SMB at Symantec