[BreachExchange] The Absolutely Essential Elements of Business IT Security

Audrey McNeil audrey at riskbasedsecurity.com
Tue Nov 15 19:53:08 EST 2016


http://foundersguide.com/the-absolutely-essential-elements-of-business-it-security/

A lot of business owners underestimate the importance of business I.T.
security. Sure, they know that it’s important. But they don’t know just
how involved in the process they should be. And this can create some real
problems! After all, modern businesses have way too much to lose if this
security is compromised!

And you shouldn’t underestimate this danger. The costs of data loss should
be worrying to any business owner working in any field. It’s true that the
majority of such episodes aren’t actually the result of security breaches.
(Most of the time, it’s hardware damage or the innocent errors of
employees!) But that doesn’t mean you shouldn’t put a priority on I.T.
security.

This is precisely what many business owners are neglecting to do. If you’re
starting a business, you need to put a focus on your security measures. At
these early stages, a mistake in security measures can have tremendous
consequences. The mistake may seem small, at first. But the implications of
a lapse in any area can be very damaging to your company.

What we’re going to do here is look at the key elements of this problem. If
you’re dealing with computers and networks in your business (and chances are
you are!), then you’ll definitely be coming across these things in the near
future.

General network infrastructure security

First, you should take a “macro” look at your technological infrastructure.
There are going to be clear indicators of your general infrastructure being
inadequately managed. This can often take the form of a complete lack of
Internet security, as well as physical security of the hardware. What kind
of unique threats might your company face? How are you going to implement
security solutions into the infrastructure? You may want to enlist the help
of IT managed services if you want to ensure this is done right.

Protection against malware

What are the most common ways of getting malware onto your computer
systems? Most of the time, it’s the download of files that are infected.
The installation of harmful software is also pretty common. A lot of
employees in modern businesses have a lot of freedom with what they can
download and install to do their job. You shouldn’t take this freedom away.
But you should make sure people are aware of the threats out there. You
should also ensure that appropriate anti-malware software is available for
every computer.

User privileges

Modern businesses deal a lot in virtualization and collaboration. They
often use cloud services that allow people to edit documents
simultaneously. They have certain folders on the work servers that are
required for employees to do their job. But a lot of the information held
in some of these files is going to be very sensitive. It could be that you
can’t have anyone on the outside looking at them. It could be that you can
only have a very limited number of employees looking at them. This is why
you have to be very vigilant when it comes to user accounts and privileges.

Error and activity monitoring

A lot of these sorts of security problems are completely preventable. And
I’m not just talking about taking the kind of measures I’ve mentioned
above. What I’m referring to is your ability to monitor networks for
suspicious activity. If you have the right monitoring solution, you’ll be
able to recognize suspicious activity and investigate it before harm is
done. You’ll also be able to tell when an error is taking place that might
compromise the security measures I’ve already mentioned. This is something
you may want to discuss with I.T. professionals.

Device security

You have to think about the security of the devices that your employees may
bring to work with them. (As well as those they’re going to take home with
them!) These include mobile phones, tablets, and laptops. As I’m sure
you’ve noticed, these are becoming more and more popular in the workplace!
This can definitely help with work speed and productivity. But each
employee needs to follow your security measures when they use their own
device. If you have a bring-your-own-device policy, make sure you’re
adequately protected. They need to be very careful about the networks they
connect to using these devices, for example.

How you deal with incidents

So what is everyone supposed to do if a cyber-attack occurs? Do your
employees know what they need to do if an I.T. disaster takes place? And,
for that matter, do you know what to do? You should have a response and
recovery plan. This will help with business continuity in the face of such
a problem.