Every company leverages data in different ways to make informed business decisions, and they should protect this data.
With all the data organizations are collecting, the importance of security is at an all-time high.
For a small business, data is a lot more than spreadsheets and PDF files!
Here are some examples:
- Sensitive Company Information (Employee Personal Information, Company Passwords, Network Configurations, etc.)
- Internal Company Documents (Company Processes, “Secret Sauce details”, Knowledge Base, Operation Manuals, Internal Sales Documentation)
- Your Company’s CRM (Sales opportunities, client lists – Literally a gold mine of information!)
- Accounting & Financial Information (Confidential information regarding your company’s financial position, bank statements, vendor agreements, contracts, etc.)
- Strategy & Vision Information (Confidential information related to your business’ strategy and vision)
Data is the new currency!
There are always risks, but how do you mitigate them? Here are guiding questions that we ask our clients:
- What are your company’s crown jewels? (Information that you could not survive without)
- What solutions do we have in place to keep your data protected?
- When’s the last time you ran a fire drill on your backup solution?
- What would we do if we were the victim of a cyber attack? Could your business survive? (60% of companies close after 6 months of being hacked)
- What are the legal implications of a cyber attack on your company? Does your industry have legal requirements in terms of data security?
- Did you know that recent changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) legally require “Canadian companies to alert their customers any time their personal information may have fallen into the wrong hands.” (Source)
If you don’t know the answer to any of those questions, it’s time to get prepared. The Canadian Centre for Cyber Security has a great website regarding cyber security for small businesses.
Don’t have time to read all of them? We’ve summarized them below.
Implement Layered Security
Think of your security as a layered approach. The first layer is your network security. As a baseline, you should implement a firewall. At SupportMyMac we use SonicWall firewalls. A firewall is designed to block any unauthorized access to your network. Depending on your organization’s security needs, there are a variety of layers of added security within the firewall.
The next step is to protect your endpoints. Endpoints include your employees’ desktops, laptops and mobile devices. This is where your team stores most of the files and data. Ensure you have strong passwords and use Two-Factor Authentication when possible.
For more information on the different layers of security you could implement within your organization be sure to check out our Managed Security solutions.
Patch Operating Systems and Applications Automatically
Software manufacturers send out updates for good reasons. They often aim to improve functionality and fix security problems. Many security monitoring systems send out notifications when there is a new upgrade available. Make sure you schedule the time to do these or have them automated using a Mobile Device Management solution.
Provide Ongoing Employee Training
According to Verizon’s Data Breach Investigations Report (DBIR), 17% of data breaches were caused by human error. This could include things like employees failing to shred confidential information, sending emails to the wrong person or falling prey to phishing emails.
It is important to implement proper training and procedures so that your employees stay educated and up-to-date on recent cybersecurity trends.
Have Proper Access Controls
Many organizations set up their file sharing systems so that upper level management can control which folders their employees can access. For example, management can be granted access to specific folders while the marketing and sales team is given access to others.
Back Up and Encrypt Data
If you fall victim to a cybercrime even with a variety of security tactics in place, the most important thing is that your data has been backed up. There are many solutions out there. Here are the ones we recommend.
This way, if you were to lose your data you know that you have a copy of it elsewhere. We covered this in more detail in our post about key practices for an integrated backup strategy.
Best Practices Recap – What you need to know!
- Implement Two-Factor Authentication for all cloud services.
- Use a centralized user directory for your employees like Okta, OneLogin or JumpCloud.
- Use strong passwords all the time. Don’t just add a “1!” to the end of every password you have.
- Implement a password management tool like 1Password for individual and shared passwords. Did you know 1Password is a Canadian solution?!
- Enable Apple’s FileVault to encrypt all of your company’s devices. Use an MDM to centralize FileVault recovery keys.
- Implement a mobile device management (MDM) solution to manage your corporate devices and standardize on security profiles and software.
- Implement a backup solution for all of your endpoints and for your cloud solutions (Microsoft 365, G-Suite, etc.)
- Invest time in hardening your email solution to block phishing emails using SPF, DKIM and other techniques.
- Schedule frequent fire drills for your backup solution!
- Use a Next-Generation Firewall like SonicWALL to protect your internal network.
- Implement a totally isolated Guest Wi-Fi network for your … guests!
- Implement DNS-based web filtering for all of your endpoints to protect from phishing and bad web content!
- Secure your website by signing up to a Monthly WordPress Maintenance Plan by a Web Agency like WPExpert.ca
- Train your employees on how to detect phishing websites. Use a tool like KnowBe4.com to simulate a phishing email to your team. Who fell for it?
- Keep your systems up to date!
If you have questions or concerns about how to best protect your company’s data, feel free to reach out!