If you have a small office, it’s likely that you have been directly involved in the purchase of hardware, and sometimes even the setup of your office network. You are familiar with where the routers, switches, servers and printers sit in the topology. That’s good! The more involved you are in the decision-making process for your network, the better the chances of making it more secure. Unlike your IT consultant, you do not get carried away by the latest technology out there. You ask questions about its relevance to your business and only then make informed and rational decisions. Whether you are a micro, small or medium business, with or without in-house IT support, here are some suggestions that will help you make better long-term decisions about your network:
Firewall: Many small businesses continue to use a simple router as the only protection from the outside world. These routers are good for home use. For your business, purchase a small business firewall instead, such as one from SonicWall or Fortinet.
Antivirus and automatic updates: It’s not enough to have good antivirus software on just your workstations. Your server is the most sensitive hardware on your network, so protect it. Make sure the antivirus updates are automated and running in the background throughout the day. Do not let employees disable automatic updates.
Unfortunately, programmers hate to admit that their code is not perfect, whether in the accounting software or, worse yet, the operating system! They will politely push security patches your way as “fixes” for the bugs! Download these patches when they are made available. Better yet, employ patch management, because these patches, made by the same programmers, are… you guessed it… not always perfect! So take charge of keeping track of this, or leave it to the experts.
Password policy: Have a discussion with any employee who puts a sticky note with their password on the monitor when they step out for lunch. If someone needs instant access to information, there is a safer way of doing it. And do have a serious discussion with anyone whose password your cat can hack - “password” is not a password!
Acceptable use policy: I have seen employees access Facebook from workstations with sensitive data. As a business owner, you can set policies for internet use in your office. Use web-filtering software to block websites that do not meet your business needs. Educate new employees on what the company policy is regarding internet use.
Remote access policy: It’s great that employees can log in to the server at work from anywhere. Just make sure that they are not transferring more than just data and information. If the entire network depends on one server, and someone infects it while working from home, the remote access policy needs to be revised to make your network more secure. Authenticate users, and make sure the accounts of ex-employees and temporary workers are disabled when they leave.
Backup policy: Do you have a contingency plan for disasters? The statistic on the number of businesses that shut down due to catastrophic data loss is sobering: 50%. Don’t knock on wood and leave it to a higher power. Get a system that will back up your data automatically, in almost real time, and send it to a secure location offsite, giving you a complete disaster recovery solution.
If you need to, hire outside consultants to perform an assessment. Some may even do a “mock attack” on your network to see where the vulnerabilities are and provide recommendations. As a business owner, starting a conversation with your key staff on what will make your network secure and robust, yet usable, is a good start. After all, your business depends on your network.