Security is one of the most important aspects of a company’s IT infrastructure. Weak security measures provide an open door for outside parties to gain access to sensitive and proprietary data, commit fraud, and even put a company out of business. There is so much at stake, yet many companies lack strong security protocols and don’t enforce security best practices, making them easy targets. To protect your company’s assets, here are some IT security best practices for small and medium-sized businesses.
Strong Authentication Methods
One of the easiest ways cybercriminals get into IT systems is by exploiting weak credentials. It’s actually a fairly simple process. Most companies use employee email addresses as the “user name” credential, paired with a password of the employee’s choosing. A simple Google search, scrolling through an employee’s LinkedIn profile, or even looking at an employee directory on a company website are all ways a hacker can get hold of an employee’s email address. With that information in hand, cycling through the most commonly used passwords or executing a brute-force attack (via a specially designed application) can open the door to an employee’s account.
Employees should be instructed on how to build strong passwords. Additionally, they should be required to change them at regular intervals (every three months, for example). Businesses can also implement two-factor authentication to add another layer of security.
Restricted Access to Certain Applications
Access to sensitive information shouldn’t be granted to all employees. Highly sensitive information such as financial records, customer contact data, and social security data should be protected with strong authentication methods, with only select employees having access to it. For example, access to financial records should only be granted to C-level executives or employees in financial-related jobs such as purchasing, bookkeeping, and accounting. When all employees have access to all file systems and databases in the office, the risk of a breach increases. Access to specific applications should only be granted to employees if the applications are relevant to their jobs, a much-needed IT security control.
BYOD Policy
Gone are the days when you only worked in the office. Mobile devices, laptop computers, and wireless internet have created an environment where employees can work on the go or at home. Employees will often access company data or resources (such as their personal files or email account) through their own personal computers or mobile devices. While many businesses allow this flexibility so that employees can work on the go or telecommute, it also creates risks to IT security.
If companies allow their employees to conduct company business on their personal devices, the company should enact a Bring Your Own Device (BYOD) policy that outlines best practices for accessing company resources from personal devices and tracks which employees are using which of their personal devices to work on company-specific projects.
These are just a few IT security best practices. For more information on how you can protect your company’s digital assets, contact us today.