TechAdvisory.org

Technology Advice for Small Businesses

10 Business security guidelines

No matter what industry you operate in, today’s technological advancements make it inevitable that network security threats will sooner or later come knocking on your door. While it is true that corporate security measures can consume a lot of time and a huge chunk of change, the rapid growth of malicious Internet activity makes it vital for your business to become familiar with and to follow the right security guidelines.

10 Security practice guidelines for businesses

  1. Encrypt your data: Encryption of stored data, filesystems, and across-the-wire transfers is essential to protect sensitive data as well as to help prevent data loss due to equipment loss or theft.
  2. Use digital certificates to sign all of your sites: You should obtain your certificates from a trusted Certificate Authority, and instead of saving your certificates on the Web server, save them to hardware devices like routers or load balancers.
  3. Implement a removable media policy: Devices like USB drives, external hard disks, external DVD writers or any writeable media facilitate security breaches coming into or leaving your network. Restricting the use of those devices is an effective way to minimize security threats.
  4. Implement DLP and auditing: Be sure to use data loss prevention and file auditing to monitor, alert, identify, and block the flow of data into and out of your network.
  5. Use a spam filter on your email servers: Using a time-tested spam filter such as SpamAssassin will keep unwanted email from entering your inbox and junk folders. It is important that you identify junk mail even if it’s from a trusted source.
  6. Secure websites against MITM and malware infections: Start using Secure Sockets Layer (SSL), which creates a secure connection between a user and server, over which any amount of data can be sent securely. Alongside SSL, scan your website daily for malware, set the Secure flag for all session cookies, and use SSL certificates with Extended Validation.
  7. Use a comprehensive endpoint security solution: Using antivirus software alone is not enough to provide defense against today’s security threats. Go for a multi-layered product to prevent malware infections on your devices.
  8. Network-based security hardware and software: Start using firewalls, gateway antivirus, intrusion detection devices, and monitoring to screen for DoS attacks, virus signatures, unauthorized intrusion, and other over-the-network attacks.
  9. Maintain security patches: Make sure that your software and hardware defenses stay up-to-date with new anti-malware signatures and the latest patches. If your antivirus program doesn’t update on a daily basis, be sure to set up a regular scan and a remediation plan for your systems.
  10. Educate your employees: As simple as it sounds, this might be the most important non-hardware, non-software solution available. An informed user is more likely to behave responsibly and take fewer risks with valuable company data, resulting in fewer threats to your organization.
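
Guideline 6 asks for the Secure flag on all session cookies. The check below is an added example, not part of the original article: it audits Set-Cookie header values and reports session cookies that lack the flag. The sample headers are constructed, and the name hints used to recognise a session cookie are an assumption.

```python
# Added example: find session cookies that are sent without the Secure flag.
# Without Secure, a browser will also send the cookie over plain HTTP,
# where a man-in-the-middle can read it.

# Assumption: substrings that usually mark a session or auth cookie.
SESSION_HINTS = ("sess", "sid", "auth", "token")

# Constructed Set-Cookie header values, as a web server might emit them.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly",
    "PHPSESSID=deadbeef; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
    "auth_token=xyz; Path=/; secure",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def looks_like_session(name):
    """Heuristic: does the cookie name suggest it carries a session?"""
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def cookies_missing_secure(headers, all_cookies=False):
    """Return names of cookies that lack Secure.

    By default only session-like cookies are checked; pass
    all_cookies=True to require the flag on every cookie.
    """
    missing = []
    for header_value in headers:
        name, attrs = parse_set_cookie(header_value)
        if not (all_cookies or looks_like_session(name)):
            continue
        if "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"session cookie without Secure flag: {cookie}")
```

Run it against the Set-Cookie headers captured from your own site's responses; any name it reports should be reissued with the Secure attribute.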

Businesses cannot afford to take chances with security. Why? Because doing so can trigger a domino effect, causing a cascade of problems that can lead to operational outages, data loss, security breaches, and the subsequent negative impact on your company’s bottom line. Looking to learn more about security for your business? Call us today for a chat.