small business IT securityYou know that your IT infrastructure provides the foundation for workflow and productivity. Interruptions create slower client service, lost deals and employees with nothing to do. This makes small business IT security a top priority, but how do you deal with security issues? A simple three step process helps you take your IT infrastructure from exposed to secure.

Step 1 – Identify the Risk

Your company data security is most at risk due to actions taken by your users (employees). Visits to legitimate but unsecured or infected web sites. downloading virus-laden emails or disabling protections on computers for easier web browsing all put your systems at risk. You and your employees are the biggest risk to your small business data and systems security. Of course, even with minimal web browsing, there are other issues that can, and do, present challenges to a small business. Improperly configured networks or insecure or unreliable cloud servers also cause problems with data security, integrity and access. Once you know where the risk is coming from, you can take action.

Step 2 – Minimize Risk Factors

Most risks involve outdated or disabled security software, web usage or hardware.

  • Security software – So many times we find antivirus/antimalware software on systems but it is out of date due to expiring subscriptions or non-functioning due to neglect. Many small business owners are good about knowing they need an AV product but forget that the product is only as good as how often it is updated. Expired definitions are not going to help you with the most current viruses and malware. End users can also be part of the problem, when they have local admin rights to their computers they can shut off these important services to speed up browsing or to try and get to a web page that might be blocked by the software. Once they have done this, the system becomes vulnerable.
  • Web usage – Protecting your network against infections and external security threats takes a combination of a good firewall, solid antivirus software and a little bit of end user education. Some firewalls can inspect the web traffic and the sites being visited to look for signs of viruses or if a site may be black listed as a potential threat. Consider options at the firewall level where it may be able to keep your end users safe. Managed antivirus systems offer better control, and make both of these more user-friendly, but even un-managed antivirus software and firewall systems are better than none. Educate end users on how to look for signs of phishing in emails by hovering your mouse over a link to see if the pop up of where the link actually goes is the same as what is listed in the email. Teach them to not click so fast when searching for things on the internet, read the first few sentences shown in the search. End users think a site is legitimate because Google showed it to them. Even legitimate web sites can suffer from bad web security and can have their code compromised thus infecting computers that visit that web site.
  • Hardware – Networks can have limitations on the number of systems that can be linked optimally. Every workstation and server has physical limits on how much processing it can do and storage it has for holding data. When a network grows beyond capacity problems start to arise and end users start to use “creative” ways to work around them, sometimes compromising your security measures and putting data at risk. Hardware assessment and maintenance helps keep your infrastructure functioning as it should.

Step 3 – Plan for Disasters

Even with a great cloud provider offering top notch security, secure web browsing and brand new hardware, disaster can, and will, happen. You need to have an action plan in place. Forward planning should include what to do if your cloud server or local server goes down. Do you have an alternate? Can you still function with limited services? How do you deal with a computer or network infection? How often do you scan for attempted and successful incursions? Can you replace failing hardware in an emergency? If a server failed do you have a maintenance contract? All of these questions must be addressed in an emergency response plan.

Your small business IT security depends on your ability to identify your areas of risk, take pro-active steps for protection and plan for the worst. By knowing where the risk is coming from, you can implement prevention strategies. By planning for disaster, you can help minimize any related downtime. This three step process gives you the foundation for a comprehensive data security plan.