Every new connection—possibly a new client, new vendor, or new collaboration—could expose your business to unexpected security risk.
Even if you take every necessary IT Security precaution to keep yourself on the least likely list of cyberattack targets, chances are someone networked directly to your business is not.
In a world full of ambitious criminals looking for ways to exploit American businesses, making sure that all of your business relationships comply with basic security standards is essential.
To make sure your business is secure AND your relationships with other businesses will not compromise your information security, keep the following two questions in mind:
1. Is Your Information Security Comprehensive?
First, make sure your house is in order. Do you know that your IT Support is making security a priority? Are they keeping you informed on what they’re doing? Are they providing you concrete evidence that what they’re doing is working? Are they regularly monitoring your network and applying any needed preventative maintenance?
Keeping a top-level view of your IT Security is critical nowadays. At minimum, ask your IT Support team whether your client data, vendor data and employee data is secure, backed up and hard to access by those who shouldn’t have access. (If they don’t have a solid answer or can’t get you one quickly, maybe there are hidden problems once you scratch the surface.)
2. Do Your Business Associates Take IT Security Seriously?
Your network should have a boundary: a firewall that protects your users and data from easy entry by criminals or prying eyes. But assuming that a firewall is a catch-all for malicious activity and cyberattacks is often the reason businesses fall victim to attack in the first place.
Once your IT Security is in place and being monitored, one of the biggest remaining weaknesses is vulnerabilities in your partners’, vendors’ and business associates’ networks. Do you have vendors that store sensitive data for you (credit card numbers, social security numbers, contact information, any personally identifiable info)? Do you make large financial transactions with other business partners?
What if their network were hacked and the billing department sent you a seemingly legitimate request for payment or additional information to update their system? Would your team know to flag the email?
In all likelihood, your business uses vendors that don’t pay enough attention to security and ultimately make you vulnerable. (And from many security audits, I’ve found that IT Support Teams can be some of the worst offenders!)
Whether you’re uncertain that your business’ security measures are adequate to stop a modern cyberattack or you’re worried that some of your vendors may be mishandling your sensitive data, everyone should be focused on maintaining a minimum level of security that ensures adequate protection.
Below are the 5 most important security defenses EVERY business should be taking to avoid having their data leaked:
Strong Passwords— while passwords may be one of those topics everyone mentions (or thinks of) when talking about security, one of the most surprising observations we see when we assess a company’s network is finding weak passwords (meaning they’re so common hackers can crack them within seconds), passwords used for more than one login (users often use the same password for all of their accounts, which means when one account is compromised, they all are), and passwords that were never updated (if a password is compromised, other thieves may eventually try it to crack into your network).
To avoid weak passwords on your network, define a password policy that incorporates length restrictions and requires letters, numbers and other characters. Instead of making passwords more complicated with random strings of characters, consider making them longer but easier to remember by combining random words: “using44woodensuccessfuloutline!”.
Establish a policy that forces users to update their password occasionally (this matters most for critical credentials such as email and user logins that have access to sensitive data). One common rule of thumb is enforcing password updates on a monthly basis.
Make sure that your team understands not to use the same password for everything. While this may make life easier up front, keeping a single password to protect all of your business accounts can lead to more leaks and more opportunities for data theft or loss, making your business an easier target for cyberattacks.
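The password rules above can be checked automatically. The following is an added example, not code from the original article: the minimum length of 16, the short word list and the function names are assumptions chosen for illustration.

```python
import re
import secrets

# Constructed sample word list; a real deployment would load a list of
# several thousand words so that each word adds more unpredictability.
WORDS = ["using", "wooden", "successful", "outline", "copper", "river",
         "anchor", "velvet", "lantern", "orbit", "maple", "signal"]

MIN_LENGTH = 16  # assumed policy value, not taken from the article


def policy_violations(password, previous=()):
    """Return the list of policy rules that `password` breaks.

    `previous` holds passwords the user already has on other accounts
    (for example inside a password manager); it is used to catch reuse.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no other characters")
    if password in previous:
        problems.append("reused")
    return problems


def make_passphrase(n_words=4):
    """Build a long, memorable passphrase: random words, digits, a symbol."""
    # secrets uses the operating system's cryptographic random source.
    words = [secrets.choice(WORDS) for _ in range(n_words)]
    digits = f"{secrets.randbelow(100):02d}"
    symbol = secrets.choice("!#%&*+?")
    return words[0] + digits + "".join(words[1:]) + symbol
```
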
Monitor Who Has Accessibility To Sensitive Info— many businesses have too many people with access to things they shouldn’t be viewing. Do you know who all has access to your data? What about applications like Quickbooks and your SQL databases?
How are they accessing it and for what reasons? If your team is accessing sensitive information, is that because their job requires them to? Understand accessibility throughout your company and make sure that someone on your team or your IT Support team has satisfactory answers for who, what, when, where and why questions!
Who is accessing what data? When are they accessing it? Why do they need it? Should they have access and is this information really needed for their work or is it exposing your business to unnecessary security risks?
Keep Data Safe—know where your data is and that it’s stored in locations where it cannot be easily physically stolen. Make sure your databases are protected, too. It is far too common these days to see an injection attack on your SQL databases that can give a hacker complete access to sensitive data, simply by submitting a malicious query.
Monitor Activity On Your Network— Another problem I often see with IT Support is that no one is regularly monitoring your network. In the event of an attack, someone regularly monitoring your network should be able to see suspicious activity, and should certainly be able to recognize the signatures of a hack. If your IT Support Team isn’t keeping network monitoring a priority, they are likely as effective as the sleeping security guard.
Educate and Keep Users Engaged— in an ideal world, IT Support would tackle your network security without user participation. But one of the biggest reasons businesses get hacked or lose data is that users are unengaged or misinformed about the practices that prevent cyberattacks.
Having your team engaged and ready to call your IT Help Desk or Support Team when they have issues—including suspicious problems on their machines—makes your business that much more equipped to handle issues. With the ever-growing sophistication and popularity of phishing attacks, malicious links and websites, hackers are getting better at playing with your users’ fear and emotions. If your users aren’t engaged with their IT Support Team, they may be doing more harm than good when it comes to your network security.
Do You Trust Your Network Security?
If you’re too busy or are unsure what you’re looking for when it comes to IT Security and are simply assuming everything will be okay, is that good enough? Are you sure your sensitive data is being kept safe? Are your users or vendors leaving open doors for attacks or information leaks?