We recently published a list of the top 10 IT challenges facing small business in 2019.
We are now on part 3 of our posts looking at these challenges in a bit more detail and providing hints and tips on how small businesses can try and overcome these challenges themselves, whilst also showing where fully managed IT support can help.
Part 1 concentrates on overcoming waiting until something breaks, root causes not being uncovered and integration issues. Part 2 concerns itself with backup and disaster recovery issues.
Continuing the series today, we are going to look at the following issue:
Security Risks
For very small businesses we’ve produced a useful infographic and accompanying blog that provides some really useful information on protecting your business and data from cyber security threats.
There are lots of facets to cyber security and you need a multi-layered approach. It’s important that you understand that technology is part of the solution, but it sits alongside processes, procedures and, perhaps most importantly, people.
What do you want to achieve?
OK, you want your business to be secure, but what does that actually mean?
A good approach is to start with a basic framework, such as Cyber Essentials. With this approach you understand that you’re working toward a certain standard and you know what that standard is.
The Cyber Essentials standard sets out 5 technical controls that are needed for a basic level of cyber security.
- Secure your internet connection
- Secure your devices and software
- Control access to your data and services
- Protect from viruses and malware
- Keep your devices and software up to date
Secure Your Internet Connection
Installing a firewall will help secure your internet connection. A firewall provides a buffer zone between your IT network and external networks such as the internet. Within the buffer zone, incoming traffic can be analysed to see if it should be allowed through on to your network.
There are two types of firewall: software and hardware. For all but the very smallest and simplest of networks we would recommend a hardware firewall device. A UTM (Unified Threat Management) firewall offers the best level of boundary security. UTM devices consolidate multiple security and networking functions into one device. They help prevent data leaks and provide network intrusion prevention, load balancing and a gateway antivirus solution.
Secure Your Devices and Software
New software and devices are often provided with default configurations that are ‘open’. This gives the new user the easiest connectivity and usability. However, these settings leave the software or device vulnerable to cyber-attack.
Once you have new software and devices set up, you should change the settings to raise security levels, for example by disabling any features you don’t need. You should always make sure that both software and devices are password protected. Implemented correctly, passwords are an easy and effective way to prevent unauthorised access. But passwords are often too simplistic or used on multiple different accounts. Consider a password manager, which we’ve looked at in depth before.
Before any devices are used, default passwords should be changed. Routers and firewalls are often left with default passwords, creating a huge security risk. For especially sensitive accounts, such as those linked to financial data, IT administration and personal data, consider two-factor authentication to provide additional security.
Control Access to Your Data and Services
It is common sense to only allow people access to the software and data that they need to do their job. This is often overlooked, however, and this means that access to sensitive data can be left open.
Administrator Accounts should only be granted to those that need to make settings changes and install software. The majority of users only require a standard account. This is important because an attacker with access to an admin account can cause significantly more damage than one gaining access to a standard account.
Locking down software installation means that you can control what goes on to your network. Individuals can only obtain official, approved software, reducing the risk of downloading malware and viruses.
Protect from Viruses and Malware
The most widely recognised element of cyber security is antivirus software. It is a vital layer within your defence. Antivirus and malware protection are provided for free within operating systems. For example, Windows includes Defender, whilst macOS has XProtect.
With antivirus, as with most things in life, you get what you pay for. We’d recommend beefing up this basic protection. You can significantly improve your protection for relatively little money. Our recommendation, and a PC Magazine Editors’ Choice, is Webroot SecureAnywhere.
91% of cyber attacks start with an email, so it makes sense to add email filtering to your arsenal of weapons. Tools such as Barracuda Essentials filter and sanitise every email before it is delivered to your mail server. The software uses virus scanning, spam scoring, real-time intent analysis, URL link protection, reputation checks, and other techniques to provide maximum protection.
Keep Devices and Software up-to-date
We covered device and software patching and updating in detail in part 1 of this series.
Any device that connects to your network must be kept up to date. This includes mobile phones, tablets, and any other Bring Your Own Devices (BYOD) that come into contact with your infrastructure.
Putting in place these 5 controls will put your business on the path to better cyber security. The Cyber Essentials certification process will test these controls and provide reassurance to clients and suppliers that you are taking cyber security seriously.
Controlling The Biggest Threat
Even with all of the technical controls in place, there is still work to do.
Around 80% of all cyber crimes are preventable. Human error is the cause of these attacks. This is usually an individual clicking on a link or attachment in an email or visiting the wrong website. Very rarely is this malicious or intended. It is down to simple human error, often brought about by a lack of training.
The UK Government provides free online cyber security training for business. These courses are currently being updated. New courses will be available in 2019. However, there are no specific dates.
There are also paid-for training solutions such as IT Governance’s Information Security and Cyber Security Staff Awareness E-Learning Course. For a business with 11+ users this costs just £20 per user and comes from an awarding body for Cyber Essentials. The same provider offers various other e-learning courses, which serve as follow-up courses to extend employees’ knowledge.
Along with training, it is important to put in place processes and procedures and communicate these to staff. These should cover what staff can and cannot do on their work devices, and their responsibility for protecting. Password policies are also useful. These should set out minimum standards for passwords and how frequently these should be updated.
How We Can Help
Whilst many IT support companies provide antivirus and email filtering as an ‘add-on’ at an additional cost, our support packages include enterprise-grade antivirus and email filtering as standard. We can also provide and configure UTM firewalls. Hardware-as-a-Service is a fantastic method for obtaining a firewall solution. Utilising HaaS means no capital outlay, just a simple low monthly cost, with renewal of the device every 3 years.
If you find yourself experiencing any of our Top 10 IT Challenges for Small Business then do not hesitate to give us a call on 0115 8220200 or Contact Us today. We’d be very happy to help.