Top Security Tips for Small Business
To pinpoint the best bang-for-the-buck security tips for small and medium businesses (SMBs), we first need to understand the biggest and most common threats they face.
From a local or internal point of view, the most common threats that pose a significant risk to a small company are:
- Malware & phishing. Malware (viruses, Trojans, spyware and malicious programs in general) and phishing scams are threats that are enabled by the victims, usually by following a link and browsing to a malicious or infected web site.
- Imperfect physical security. Computers, and especially laptops, with sensitive information are stolen every day.
External threats are scary because they are open to anyone in the world with an Internet connection. At all times there are malicious hackers and compromised computers scanning for vulnerable systems.
You may not have any services exposed to the outside; check with our scan if you are not sure. For offices with servers accessible through the Internet, the biggest threats are:
- Exploitable system vulnerabilities, most of the time due to unpatched software (operating systems or applications that haven’t been upgraded) or running unnecessary services.
- Weak passwords. Administrative control panels or server logins with poor passwords are broken into frequently with dictionary attacks.
Some of the consequences of a security breach are:
- Loss or unavailability of sensitive data
- Disclosure of sensitive data
- Use of the company’s computers as springboards to launch other attacks
- Other (downtime, legal liability, tarnished corporate image, etc.)
To mitigate those threats the most important things to do are:
- Have a recovery plan. Most of the time this can be accomplished with good backups. A good backup is one that is automated (so that we don’t forget and it’s not susceptible to human error), off-site (so that we are protected from theft or natural disasters), frequent (enough so that not a lot of data is lost) and tested (check your backup periodically; you don’t want to find out after a disaster that the backup cannot be recovered).
- Protect from malware and phishing scams. Use anti-virus software and keep it updated. Educate yourself and your staff about phishing scams. Use tools like FamilyShield or WOT, both free.
- Encrypt sensitive information. This is especially critical for laptops that are taken outside the office. There are many encryption tools, for example the free and excellent TrueCrypt.
- Check for external vulnerabilities. There are several vulnerability scanners, but their reports can be overwhelming to interpret if you are not an expert, so this is better left to a security specialist.
- Keep your servers and applications updated. Update the operating system and the applications of your external-facing servers periodically or automatically.
- Use strong passwords. See our password checker article.
Security is a very complex issue that cannot be reduced to a few points, but if you apply these tips you will greatly improve your security against the most common threats that small businesses face.
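The "frequent" and "tested" parts of the backup tip above can be checked automatically. The following is an added example, not code from this article: it assumes the backup is a tar archive whose member names are paths relative to the backed-up folder, and the function name verify_backup and the 24-hour limit are illustrative choices.

```python
import hashlib
import os
import tarfile
import time
import zlib


def sha256_stream(fobj, chunk=1 << 20):
    """Hash a file object in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    for block in iter(lambda: fobj.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest()


def verify_backup(source_dir, archive_path, max_age_hours=24):
    """Return a list of problems; an empty list means the backup passed."""
    problems = []
    # "Frequent": the archive must be younger than the agreed limit.
    age_hours = (time.time() - os.path.getmtime(archive_path)) / 3600
    if age_hours > max_age_hours:
        problems.append(f"stale: archive is {age_hours:.1f}h old")
    # "Tested": read every archived file back in full and hash its contents.
    restored = {}
    try:
        with tarfile.open(archive_path) as tar:
            for member in tar:
                if member.isfile():
                    name = os.path.normpath(member.name).replace(os.sep, "/")
                    restored[name] = sha256_stream(tar.extractfile(member))
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return problems + [f"unreadable archive: {exc}"]
    # Compare each live file with the copy read back from the archive.
    for root, _dirs, files in os.walk(source_dir):
        for fname in files:
            path = os.path.join(root, fname)
            rel = os.path.relpath(path, source_dir).replace(os.sep, "/")
            with open(path, "rb") as fobj:
                live = sha256_stream(fobj)
            if rel not in restored:
                problems.append(f"missing from backup: {rel}")
            elif restored[rel] != live:
                problems.append(f"differs from backup: {rel}")
    return problems
```

Run it right after the backup job finishes; files edited since the backup will be reported as differing, which is expected later in the day.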

