There are few things more important for modern businesses than the implementation of adequate data protection security measures. If you’re not well versed in all of the below and adhering to best practice for all of them, your IT security will be seriously compromised. We strongly advise that you check this guide and take action immediately if any of the points we’ve listed are not currently or sufficiently dealt with by your company.
1) Password Policies:
We all know that we should be changing our passwords regularly – that they shouldn’t be too obvious, they shouldn’t be of family pets, or of easy to guess words like ‘password1’ or ‘harrykane!’ Requiring that staff change their passwords regularly and with a minimum level of complexity is the bare minimum security enforcement, or IT Security 101. With advances in Microsoft 365, you don’t even need a server to push these policies out. Don’t be complacent because when GDPR comes into effect, if you suffer a data breach this might be the first thing that they ask you about.
2) A Sophisticated Firewall:
What’s the difference between a router provided by an ISP and a business class firewall like WatchGuard, Sonicwall or Cisco ASA. Ask your business IT support company this question and they’ll give it to you in detail – constant updates and patches, intrusion detection and VPN clients features – any security professional will tell you that the difference is vast. These firewalls can be likened to the difference between leaving the keys in your car versus employing a crook lock and an alarm. They do cost a bit more but any IT company would advise you that they’re worth it.
3) Anti Virus:
Are you using a paid for antivirus? Will it update it’s virus definitions regularly and report problems? Will it catch the latest threats? We’ve noticed that the latest antivirus technology takes a new approach. Whereas most AV will scan files and try to prevent infection,the best AV will now look for patterns in the computer usage and lock it down if it notices something suspicious, eg encrypting files in the background. Have a look at SentinelOne. Certainly not the cheapest but a new generation of AV that can really make the difference.
4) Web Filtering:
Many decent firewalls will offer web filtering as an add-on. This allows you to exclude your users from classifications of websites such as pornographic or gambling. They’ll let you specify times at which employees are allowed to visit sites which undermine productivity, like Facebook (unless you’re a social media marketer!). Websites can often store malware that infects your user’s computers. Filtering them out at the source can save a world of pain.
One other consideration is whether your users are mobile and can simply work from home or in an internet café. If this is the case, you might want to talk to us at Correct Group about our cloud-hosted web filtering product.
5) Admin Privileges
How many times have you heard your staff say that they need local admin rights on their computers to install programs? They don’t! Set up one admin user so that your staff don’t accidentally install malware. Better still, let your IT support company control access so that you get an expert opinion every time they want to click install on an app promising them the world!