Do you think your organization is too small to worry about information security? Not so. According to a 2015 Internet Security Threat Report from Symantec, 43% of cyber-attacks target small businesses. To protect yourself against invaders and hardware failures, consider implementing the following four best practices:
1. Keep your employees' passwords confidential by using an administrator password.
Do your employees share passwords? Do you keep a list of all of the passwords used by your employees in a little binder at the edge of your desk? Both of these are security threats that could leave you vulnerable to a data breach. In this case, the threat does not even have to come from outside the building. A disgruntled employee could make life difficult simply by logging in with the shared password or taking the binder full of passwords on the way out. In either case, it will be difficult to prove who logged in and stole files because the logins are not linked securely to individual users.
Don’t make this mistake. Use an administrator password to gain access to all information on your servers, and make it a policy that employees never share their login passwords with anyone at any time.
2. Make regular backups of your company data.
A backup strategy, like insurance, works best when considered before everything goes wrong. Don’t wait until your server dies in the middle of the Wednesday workday to think about the fate of your data. There are many great products on the market, and a trained IT professional can help you get your data backed up in no time.
3. Get a good antivirus system and keep it updated.
Sometimes the threat really is a stranger out there in the great expanse. Antivirus programs monitor your system and fix the hazard before it causes irreparable damage. Like a backup strategy, it’s best to consider implementing and updating your antivirus software before your computer screen empties of all but a cursor.
4. Educate your employees.
One of the most common ways outsiders gain illegal access to data is social engineering.
Social engineering is defined as the psychological manipulation of people into performing actions or divulging confidential information. Phishing scams using fake emails and callers misrepresenting themselves to con employees would fall into this category.
Educate your employees about current social engineering scams. Many news outlets write cautionary articles about the latest tactics that con artists use to dupe innocent employees into giving out information they should not share. Remember that new scams appear often, so keeping up to date is vital. Consider subscribing to a security newsletter like the one offered by Tripwire.
IT problems can quickly consume your workplace and pull focus from why your organization exists in the first place. Implement the ideas above and regularly adjust your information technology plan for the future.