5 Steps to ensure your data really is secure.

PCR Business Data SecurityBrowse any online news source and you are almost certain to read about some level of data security breach. Just last summer, Equifax, one of the largest credit bureaus in the US, had application vulnerability on their website that exposed the personal information of over 143 million customers!

This just goes to show that any business, however large or small, is subject to data breaches if not properly protected. But it’s not just hackers and viruses we have to worry about; we also need to guard against things like natural disasters. Sorry for all the doomsday talk, but data security really is that important! Our data is the lifeblood of our businesses and it’s essential that we protect it as so.

Below, I am going to discuss five steps to ensure that your data really is secure. In order to do that, we need to dig a little below the surface, and ask questions that every business owner should have answers to.

Step 1: Have a proper backup plan

Almost every business owner I talk to say they have a backup, yet when I ask them specifics about it, the usual response I get is “I don’t know.” Here are a few questions I like to ask:

  • If I ran away with your server today, how would you recover?
  • What is your recovery time objective? How long would it take to recover?
  • What is the recovery point objective? Would you lose any data?
  • When is the last time you tested it?

At a minimum, you should have the following information about your backup in writing:

  • What is the function of the server/device?
  • Is it business critical?
  • What is the backup frequency?
  • What is the retention?
  • Where is the offsite replication/datacenter?
  • What is the restore time for a total loss?
  • Where will the restore take place in the event of a total loss?

Below is an example of a chart that we would use to answer these questions for our clients.

Server/Computer Name

Function Business Critical Backup Frequency Retention Replication Restore Time Restore to:
SERVERFS01 File Server Yes Hourly 6 months Cleveland Data Center 4 hours

Datacenter

Breaking it all down… In this scenario the recovery point objective is 59 minutes, meaning that 59 minutes of data could be lost. The recovery time objective is four hours, meaning this server would be unavailable for four hours. The backup is replicated offsite so if the environment is destroyed the backup would be available there. Finally, the server would be restored to a cloud server and users would access it over the internet.

This plan should be tested annually. The test may be the most important part, and management needs to participate to be sure that what has been defined can actually be accomplished. You must also be sure that all the parameters are acceptable, for example, if you can’t afford to be down for four hours you will need to implement a better solution. There is much more that should go into backup consideration but this simple outline will put you ahead of most businesses.

Step 2: Eliminate Administrator Access where it isn’t necessary

Viruses are types of software that can infiltrate your operating systems when a user clicks on a link and downloads something they shouldn’t. Fortunately, if a user does not have “admin” rights in the first place, they won’t be allowed to download any software period, thus eliminating 99% of viruses. So be wise about who has admin rights to your computers.

Step 3: Have a Password Lockout Policy

Have a lockout policy on all user accounts! This will all but eliminate automated software from trying to guess passwords. If, for example, the attacker only gets five attempts to log into an account before it is locked, it will greatly reduce the chance of the attacker ever being successful

Step 4: Use Two-Factor Authentication

Two-Factor Authentication is a method of confirming a user’s identity through a combination of two different factors. This could be something they know, something they have, or something they are.

I strongly advise using Two-Factor Authentication for all services open to the internet. This will help prevent an account from getting compromised and in some cases even makes password management easier. Some of the popular services that attackers like to prey on are: Office 365, VPNs, remote access services, and DropBox (just to name a few).

Step 5: Have the following in use and up-to-date:

  • Centrally managed antivirus
  • Perimeter Email filtering
  • Unified Threat Management Firewall that includes:
      1. Content Filter
      2. IP Reputation Filter
      3. Intrusion Detection & Prevention
      4. Sandboxing

While there are many other things that need to be considered when securing your data, addressing and implementing these five things will get you ahead of the game. We offer a free review if you need help determining where you are at with these items.

Hopefully this report acted as an eye opener to all small business owners who are not adequately protecting their data and computer network. If you are not doing the [5] steps outlined in this report, your network is an accident waiting to happen and the most important thing for you to do now is take immediate action towards protecting yourself.

One of the biggest, costliest mistakes you can make is to ignore this advice with the false hope that such a disaster could never happen to you.

Because you have taken the time to read this article, I would like to offer you a FREE Network Security Audit. Normally I charge at least $500 for this service, but as a prospective client, I’d like to give it to you for free as a way of introducing the PCR Technology Success Process to your company.

During this audit I will come on site and…

  • Pinpoint any exposure to or risk from hackers, viruses, spyware, spam, data loss, power outages, system downtime, and even employee sabotage.
  • Review your system backups to make sure the data CAN be recovered in case of a disaster. You don’t want to discover that your backups were corrupt AFTER a major disaster wiped out your network.
  • Scan your network for hidden spyware and viruses that hackers “plant” in your network to steal information, deliver spam, and track your online activities.
  • Look for hidden problems that cause error messages, slow performance, and network crashes.
  • Answer any questions you have about your network or keeping it running problem free. I can also give you a second opinion on any projects you are considering.

How To Secure Your Free Network Security Audit:  Simply fill out the form on the right side of this page and I will be in contact right away.

Happy (and Safe) Networking,

 

Patrick Carroll, President
PCR Business Systems
www.pcrbusiness.com