There are two critical mistakes that I see business owners and executives make when it comes to their company’s information technology, both of which can cripple a thriving business in a matter of minutes.
Mistake #1: Thinking a data security breach or system failure can’t happen to you. It can, it does, and if you let your guard down, it will. We see data breaches happen to small and medium-sized businesses every month, and business owners or CEOs all say the same thing: “we didn’t think it could happen to us.”
Mistake #2: Assuming that everything is set up properly, up-to-date, or that your employees are following the rules. It’s imperative that you are familiar with your IT so that you can make sure everything is in place and working the way it should. It’s just as important to educate your employees on best practices so they don’t do anything to jeopardize your network’s security.
Below are 11 critical IT components that you need to be sure are in place and working properly.
- Backups: Be certain your backups are doing their jobs. Know how to test them and be an active part of the process. This exercise will show you how long it would take to recover.
- Incident Response: If there were to be a breach, where is it most likely to occur? How will you recover? Who will it affect (which business operations)? How much downtime/data loss are you looking at? Is the sensitive data of your customers at risk? If their data is compromised, what will you need to communicate? Will you need a lawyer? Will law enforcement be involved?
- Sensitive Data: What kind of data does your company store? Where is it stored? Is remote sharing like Dropbox™ allowed? Is it controlled, or is data being shared over hundreds of personal accounts?
- Licensing: Is all your software licensed? Compare agreements to all user accounts.
- Inactive users: Make sure inactive users are disabled and not continuously logged on. Make sure to review this periodically.
- Permissions: Make sure users only have permission to access the data critical for their jobs. Review this periodically as well.
- Be Proactive: What steps are you taking to be proactive in ensuring a breach or data loss doesn’t occur? Are you providing user-awareness training? Do you use multi-factor authentication for all remote applications (e.g., VPNs, Office 365, Salesforce, all web logins)?
- Patch Reporting: Make sure to receive and review all patch management reports. These will show the machines that have been updated monthly.
- Vulnerability reports: Review these at least monthly to assess vulnerabilities in your network and find resolutions.
- Review elevated credentials: Ensure only appropriate people have elevated credentials and that they don’t log into these accounts 24/7/365. Elevated permissions are for making changes only, not for everyday logins.
- Engage a 3rd party to do a best practice audit: This is not to question or discredit your IT team, but simply to get additional sets of eyes on your systems. IT systems can almost always be improved but there are costs involved. IT managers will often let items go after being told “no.” You can also think of a 3rd party audit as a proofreader for your network. Great writers never proof their own work. Why? Because it’s extremely difficult to catch your own mistakes.
If you have questions or are interested in having a professional team of experts “get eyes” on your IT, give me a call directly at (330) 572-7526 x 1001 or email me at firstname.lastname@example.org.
President, PCR Business Systems
PCR Business Systems is the leading technology solutions provider for small and medium-sized businesses in Northeast Ohio. We are currently offering a free Network & Data Security Check-up for area businesses that want to be certain their network is set up and working properly.