In today’s virtual world, business owners invest considerable effort and resources, vying against black hat hackers to preserve the security of their sensitive customer and company information. Black hat hackers, as opposed to harmless white hat hackers, constantly search for any weakness in a network’s line of defense.
All of an institution’s information is considered an asset. Information includes not only text, but images or audio files as well. Programmers’ assets can involve code to test theories or a prototype of the next new tech gadget. In this case, they certainly want to protect their secret recipe! With cloud based platforms for group collaboration, this scenario becomes particularly sketchy from a security point of view.
Larger institutions have regulations and special restrictions in place for each sector of their information and an IT team to enforce management’s policies and tend to the company network. If you have a small to moderate-sized business with only about 5 to 25 employees, you will likely not have the budget for network architects and sophisticated monitoring. If your business is outside the metropolis in areas such as Nogales, Rio Rico or Tubac, you may also have a more shallow pool to choose from in your search for IT professionals.
Small business information is just as deserving of great protection as that of the enterprise scope. However, most entrepreneurs have enough to keep them busy without having to constantly stay abreast of the latest virtual threats. Here are 7 precautions you can take to keep your valuable databases and online activity hidden from the prying eyes of nefarious black hat hackers and establish security within the walls of your business:
1. Secure your building
The first layer of IT security is to secure your business’ physical parameters. Even though so many transactions take place in the cloud, physical threats can still be present. Restrict areas containing company machines to employees only. If you own the building, install an alarm system with video surveillance that notifies local authorities of intruders. Keep the system code to yourself or another trusted key holder!
2. Firewalls and Antivirus
Right behind physical security is having your firewall protection turned on to protect your ports and a good antivirus installed for all computers on the network. There are many effective and affordable programs to choose from. Create secure passwords for network routers to prevent piggybacking.
3. Parental controls
Create a strict policy that only company email and approved sites and software can be used on computers. This means no social media browsing, online games, or personal email unless it is part of a work related project. For small companies with no more than 20 computers, a Workgroup can be a viable way to create a closed network in which you can use parental controls to block certain websites. This will help avoid unauthorized browsing and risk of virus infection. Everyone in the Workgroup can share files, folders and peripherals.
Restricting personal cell phone use at workstations can provide additional security since employees can take photos of valuable information and potentially share to an unseen recipient.
4. Block permissions for foreign storage devices
Install USB drives or other external hard drives to your company computers and deny permissions to install any other external drives. This way, employees cannot bring in unauthorized drives to use on company computers.
If your computers run Windows OS, check out this link to learn more about permissions http://bit.ly/1VkeFB0, or this link http://bit.ly/1WJBizY for Mac OS.
5. Key loggers
Yes, this seems ugly but sometimes it’s necessary. You can install key logger software or devices to track employee activity in case of a breach. Key logger materials are anywhere from free to about $100, so it’s a good idea to do some research on products before choosing one. This link provides good advice for selecting the best key logger: http://bit.ly/1WJBizY
6. Passwords
Set all computers to open with “Ctrl-Alt-Del” after start up to help prevent rootkit viruses that can enter before the BIOS firmware boot process. Each employee should be assigned a workstation and required to memorize a secret login password. Sharing passwords should be strictly forbidden and using other employee’s computer should be forbidden except under special supervised circumstances. Remote access should only be allowed by the business owner or authorized IT professional in case of system malfunctions.
Sometimes work has to be taken home. If you want to grant employee access to work files from their home computer, set the permissions to where folders and files are password protected.
7. Use a security template
If you’re not sure how to go about setting your policies in place, you can get some help from an IT security template. Knowing whether or not your business’s security is adequate can be overwhelming, but the good news is, there are tools available to you to guide you through setting up and implementing security policies, sparing you from having to draft it all from scratch. IT Toolkit is one resource that has a template to help you get your security up and running. http://www.ittoolkit.com/