There is a Silver Lining
I get it; computer security at work can be a pain. Having to change your password regularly is a hassle. Not being able to shop, stream and be social on any site you want may seem Orwellian. But let us take a step back. What is the purpose of business IT? Who is paying for it? And the big question, “How much care do you want others to take when handling your financial and medical information?” Lots, I bet.
It is time for everyone who comes in contact with sensitive information to become a responsible data steward. I am always surprised when a business owner or manager does not take information security and compliance seriously. I mean really seriously. Industry councils and government agencies are stepping up penalties for non-compliance and negligence. Compliance audits in healthcare, financial services, government contracting and other industries are increasing at rapid rates. Requirements and enforcement are starting to flow down to all entities in the supply chain, including subcontractors and partners.
But it is not all bad news. No matter what industry you are in, computing best practices can get you a long way toward becoming compliant and more secure. Plus, your network will perform better, keeping employees more productive. Let us start with the top best practices for network security: firewalling, antivirus software, email spam filtering and data backup:
- Your firewall is your front line of network defense. Plan on spending upwards of $1,000 for a small business firewall with three years of updates. The device should be able to do deep inspection of traffic without bogging down your Internet connection. Firewalls can block sites employees should not be accessing (at least not at work anyway). They can also provide secure access to the network when working remotely.
- Invest in a paid antivirus service that is updated regularly. It is a good idea to contract with an IT service provider that can manage and monitor the service to ensure virus definitions are up-to-date and computers are being scanned regularly. Antivirus software goes a long way to keep computers out of the shop for malware removal.
- The vast majority of cyberattack payloads are delivered via spam emails. A good email filtering service will allow users to view suspect email while held in the service provider’s quarantine. This way, they can evaluate the email before it enters the local network. A good service will also allow a user to easily blacklist (block) or whitelist (allow) specific email sender addresses.
- Hackers are routinely infiltrating networks, wiping out any backups they can find and encrypting the rest of the business’ data, holding it for ransom. Businesses should have a monitored and managed backup system. This system should include offsite storage that is disconnected from the network. This is not only good for recovering from cyberattacks, but also from fire, theft, lightning strikes, storms and other disasters.
There are many other computing best practices that can help minimize potential damage from cyberattacks. For instance, complex password standards, periodic password changing and session timeouts are some easy best practices to implement.
Other best practices are more technical and require deeper networking skills. One example is network traffic segmentation (virtual networking or VLANing). VLANing not only creates “traffic lanes” that make it more difficult for hackers to jump across the network, it can also keep sensitive traffic separated from traffic it should not be intermingled with. Also, network performance can be optimized by giving higher priority traffic preferred routing. This is another case where a best practice can help address security and compliance while improving the network and user productivity. Again, an IT pro can help design and implement a network infrastructure to fit your business’ individual needs.
You can invest millions in cybersecurity policies, technology and resources. But at the end of the day, the weakest link is usually the human factor, the end-user. IT best practices are never complete without effective end-user security and compliance policies, ongoing end-user training programs, and well-defined disciplinary actions for policy noncompliance. If you are in an industry with mandated requirements, you may not have a choice but to have these policies. They are a great idea even if you do not think so.
To sum it up, there is a silver lining. Computing best practices can help you achieve a better security posture, meet compliance requirements, improve the network performance and increase end-user productivity. No matter the size of your organization, or the industry you are in, that is just good business.
Ray Corriveau has 25 years’ experience in IT solutions design for businesses of all sizes and industries. His diverse roles have included Fortune 500 account lead, Florida water management district data consultant, and small business technology advisor.