In our modern environment, protecting your computer network requires more than just throwing money at antivirus solutions or installing some fancy hardware. Sure, these products absolutely make up one piece of the equation, however it’s important to note that the largest risk to your business data is often one that is human in nature. Having a solid understanding of the risks is extremely diligent, but also having a plan in the event that you are compromised cannot be overstated.
#1 – Protect your email
By far, the number one avenue that is used by bad actors when infecting computer networks is via email. If you run your own mail server, it’s imperative that you either use a server or network based email antivirus solution to stop bad emails even getting to the mailboxes of your users. If you use an email service hosted by a service provider, find out what sort of email protection they use. Speak to an expert about which solution is best for your business. We recommend Microsoft Office 365 Hosted Mailboxes and have found the virus and spam protection included with these services to be high quality and easy to manage.
#2 – Have a Secure Password Policy
More often than not, we see people using very simple passwords. In our always connected world, many services (including those seemingly internal to your business) can often be accessed from the internet. It’s important that secure passwords are used. We recommend using an online password generator that can generate you an easy to remember password, however is complex enough to mean it cannot be easily guessed. Even if your services are not accessible via the internet this is still good policy, because you want to maximise the number of hurdles an attacker would need to jump in order to penetrate your security – secure passwords are one such hurdle. Keep in mind that it is quite possible that your computers might be physically stolen or lost.
#3 – 2 Factor Authentication
Where possible, it’s becoming increasingly important to consider what is called 2 Factor Authentication. Sounds fancy – Sounds Complex, but it’s not. Single Factor authentication really means you put in one piece of information (usually a password) to access a service. 2 Factor Authentication means that you are essentially doing two things, or entering 2 pieces of information.
The most common example of this is used in online banking where an SMS is sent to your phone in order to make payments. This requires you to login with your password (First Factor), and to enter a SMS Code from your phone (Second Factor). Speak to your IT Support team about how 2 factor authentication might be suitable for your business.
#4 – Clear Staff Acceptable Use Policies
In the age of smartphones, there’s really no excuse for staff using company computers for personal activities. Make it clear to your team what things you do and don’t want them to be using critical business infrastructure and resources for – this will limit the scope of possible methods of penetration an attacker might be able to use. If you need help working out an acceptable use policy, why not reach out? We have lots of experience developing these and we already have some great templates you can work from.
#5 – Managed Desktop Antivirus
Protecting email is one thing, however this doesn’t safeguard desktops against vulnerabilities from general web browsing or documents that are not delivered via email. It’s especially important to ensure that your desktop antivirus is managed by your IT department – hopefully your staff are too busy working to have to worry about checking in on this themselves to make sure it’s up to date! This also means your IT team can identify infected computers straight away and remove them from your network, before they can cause additional harm.
#6 – Backups, Backups, Backups!
It’s really important that you have not just local backups of your data – but also that these backups are taken offsite. Ideally, your backup solution should take a snapshot of your system multiple times per day (without the need for user intervention) and send your data to a secure cloud location overnight. Having backups in place is also just one part of the equation, you need to have a solid plan in place for how to recover from them if something goes wrong.
#7 – Staff Education
9 times out of 10 we see compromises which could have been mitigated if the user was a little more diligent in their behaviour. This is all about making your staff aware of the methods that are used by attackers to penetrate networks. It doesn’t matter how much money you throw at security hardware or software, you’re still going to be vulnerable if the wrong email or website is clicked on. Unfortunately attackers are almost always 1 step ahead of the corporations selling virus/security solutions.
Summary Checklist:
- Invest in server/network based antivirus solution
- Enforce secure passwords
- Implement 2 Factor Authentication
- Have an Acceptable IT Use Policy
- Use a Managed Desktop Antivirus Solution
- Take local and offsite backups (and have a recovery plan)
- Take the time to educate staff on IT Security