business security

Are you tired of hearing about all the ways your business security is lacking, or how you’re not protecting your business information sufficiently? Do you want your business to avoid becoming a data breach statistic and owing $158 per lost or stolen confidential record?

Good! There is no better time than right now to improve your business security so you can head into the new year on the right foot.

Discover the proactive approach to protect your sensitive business information: layered security. Layered security is an approach to securing systems that use “multiple components to protect operations on multiple levels, or layers,” according to Similarly, “defense in depth” refers to the use of several strategies and resources that “slow, block, delay or hinder a threat until it can be completely neutralized.”

Let’s get down to the nitty gritty of your business security then, shall we? Follow us as we walk through each layer of defense that can improve your business’ security posture right away.

First things first… Have you assessed what could or does threaten your business? Starting with a security assessment helps determine where your business is most vulnerable. Key security questions to ask include:

  • “Who has access to your business information, including passwords, financial accounts and customer information?”
  • “Are business computers being used for anything outside of the business?”
  • “Do you know how much your digital assets are worth?”
  • “What aspect of your business do you consider to be the most important?”

Using a security assessment offers you a big-picture perspective of your company, allowing you to evaluate and implement the right security measures to fit your business’ needs. Furthermore, it can help determine your current business security plan’s strong points so that you can focus more time on areas that need improvement.

Digital Asset: A digital asset is any form of digital material owned by an individual or company. Businesses have ownership over digital material if it was created on a company computer by one of its employees, or if it was custom developed for and purchased by the organization.

Addressing these and any other areas of concern will help you to fill gaps accordingly. Take for instance a common gap: only 29 percent of small businesses were using basic security tools like configuration and patching to prevent data breaches in 2015, a drop from the previous year (39 percent). Additionally, SMBs’ use of web security decreased — from 59 percent in 2014 to 48 percent in 2015.

Speaking of software… While anti-virus software is definitely a good start, you should also consider using the broader category of anti-malware software. Computer viruses are just one example of malware, which also includes spyware, adware and worms just to name a few.

A network firewall is an absolute must to protect your computers from the bad guys, and a software-based firewall is like a coat of armor that protects each of your computers individually. It makes sure that only the network traffic you want gets through the door and controls which door to use. On top of that, if you are hosting any sites or services that are available to the general Internet, consider using a web application firewall (WAF), which offers a deeper level of inspection of the traffic that you do allow into your network.

In addition, look into implementing technology or hiring a service provider that can scan your publicly-accessible sites for vulnerabilities before hackers find them first. These measures will help ensure that your sites and assets are not only safe for you, but also safe for your customers and partners. You certainly don’t want to be potentially responsible for spreading malware.

Regardless of which of the above measures you implement, stay one step ahead of criminals by keeping your software updated! Be sure that you’re always patching your software and updating your security software rules. Software vendors go through the same process to address exploits and vulnerabilities that they find in their products. It’s alarming how often businesses are compromised by a bug or exploit that had been fixed by the vendor in months or years past, but were simply never applied to the business itself.

On to hardware… There’s no way around it: you need computers and network devices to connect to a network. Keep in mind that routers and other network devices can act as a barrier between your private, corporate network and the public Internet. Implementing these devices can help ensure that your private network stays private. It can also prevent exposure of internal IP addresses or other sensitive network details.

On the topic of firewalls… Many IT pros believe that a hardware-based firewall offers greater protection than the software-based ones discussed above. A hardware-based firewall is able to look at the total traffic on your network, whereas the software firewall discussed above is concerned only with the traffic associated with a single computer. Fortunately, many of today’s routers already have built-in firewall capabilities and, because they have it “baked into the hardware,” they are typically able to process security rules and network traffic much faster. When in doubt, you can always implement both – another example of layering and defense in depth.

Get employees on board.

  • Teach employees to create strong passwords that are unique to each individual and each business account, and don’t permit them to be shared.
  • Implement multi-factor (also known as dual-factor) authentication that requires employees to verify their identity with a unique one-time-use code each time they sign into a system or website.
  • Educate employees about phishing emails and not opening any messages from unknown sources.
  • If employees use personal devices at work, ensure they password-protect them, implement security apps and turn on the remote wiping feature in case of loss or theft.
  • Only give employees access to information, files and accounts that are necessary to do their jobs, which minimizes the potential for damage if a comprise does happen.
  • Password-protect your Wi-Fi network and only allow employees to connect business-related devices via secure Wi-Fi channels.
  • Remind them not to share any sensitive (personal or business) information on their social media pages and to be mindful of criminals trolling social media pages to conduct social engineering.

31 percent of employees fall for phishing scams according to Duo Security. The company offers a free phishing assessment tool to test your and your employees’ vulnerabilities.

What if you don’t have an IT department? If what you’ve read so far seems confusing or even intimidating, consider outsourcing some of your technology needs. Many IT security companies are set up to assist small businesses fill technology gaps. They can even help you assess your vulnerabilities and typically offer cloud-based services so that you to make security updates via the web.

Putting all of these layers together. By implementing multiple layers of security for your business, you diminish the risks that threaten you and your company as a whole. Those risks include compromise of your sensitive business or customer information, fraudulent credit lines opened in your or your business’ name and takeover of your financial accounts. Ultimately, upping your business’ security measures is just one of the many steps you take to keep your business thriving.