Do You Know Your Business’s IT Security Holes?

digital data security Cybersecurity risks are a hard reality for small business. Too many are not adequately protected against cyber dangers such as viruses, malware, phishing, botnets, data loss — the list goes on and on.

To protect your business website, systems, and data, you must start by identifying your organization’s cybersecurity weak spots. What are some of small businesses’ biggest cybersecurity holes, and what can you do to eliminate them?

Security hole #1: Risky password practices

Users frequently employ the same password for both business and personal accounts. As IT security guru Roger Grimes explains, hackers exploit this practice by phishing for users’ social media passwords, then using those same passwords to access corporate networks. Other commonplace, and risky, password practices include weak passwords and an insecure password-reset process (for example, no security questions or questions with easily guessed or searched answers).

Solution: Require employees to use complex passwords that are different from their personal passwords (e.g., for their social media or other online accounts). Enforce regular password changes.

Security hole #2: Unsecured mobile devices

The mobile workforce is here to stay — but mobility brings security risks. Often mobile devices are not secured with passwords, and many of those devices store or have access to sensitive, unencrypted company data.

Solution: Define bring your own device (BYOD) security policies. For example, you can require employees to secure their phones with a password, install a company-mandated security app, enable a remote-wipe feature that deletes sensitive data when the phone is lost, and require employees to use a secure file-sharing service (ideally, a business-oriented service like Affinity SmartDrive Solutions).

Security hole #3: Social engineering

Many cyber criminals troll online sources for personal information, then use it to contact users, pulling sensitive data from them or tricking them into installing malware. According to Trend Micro, two of the biggest causes of data breaches in small businesses — email attachment viruses and phishing emails — are common examples of social engineering.

Solution: Train employees to recognize different social engineering ploys. National Cybersecurity Institute recommends having employees do social engineering role-playing exercises to understand how a cybercriminal or fraudulent communication might engage them, as well as practicing safe ways to respond.

Security hole #4: Lax software patching

Grimes says that most computers are compromised via unpatched software — especially the most popular products. Open source software also is replete with security holes (remember the Heartbleed bug?). Businesses that don’t stay alert to vulnerabilities affecting their software and apply patches in a timely fashion are exposing their critical systems and data to cyberattacks.

Solution: Stay informed about security vulnerabilities for all software you use in your business and apply software fixes as necessary. Apply vendor software updates when they’re available. Grimes recommends patching the most popular programs first, because such programs are most likely to be exploited.

Following best practices can address each of these problems. But if your business’s IT security is weak in multiple areas, a wise course is to engage an IT security provider like Affinity Security Solutions to perform a baseline security assessment, which includes penetration testing and vulnerability scanning, and recommend network and website security strategies to protect your business.

[cta]Don’t let a security breach cripple your network and your business! Contact Affinity Network Solutions for an independent Security Assessment of your network environment — by email or call us at (888) 682-8999.[/cta]