8 Simple Tips for Developing an IT Security Strategy - iCorps
In today's world of frequent malicious attacks, it is increasingly important for SMBs that their IT systems are kept secure. Data assets and sensitive information need to be protected from unauthorized access, and any customer data must be securely stored to avoid compliance penalties. It is common knowledge that unsecured systems are open to hacking, malware and virus attacks. Often it takes a malicious attack on a network for the proper security measures to be implemented, but it's not at the fault of one person. Many business leaders are simply unaware of how to improve their IT security. Here are 8 simple tips business leaders can take to secure their network and form the basis of an IT security strategy:
Physical IT security
Any hardware containing personal or sensitive information is vulnerable to physical attack in the form of theft. Ensure that any back-up devices, servers and mobile devices containing sensitive data are securely locked away when not in use.
Access to any system containing sensitive data should be restricted to trusted employees who require access to the data to perform their duties. Each user should be issued with a unique username and password to help identify any breaches. The use of strong passwords should be enforced along with regular password changes and a limit on the number of failed login attempts, to protect against a brute force password attack.
Protect against viruses and malware
It is crucial that any IT security strategy includes the use and regular updating of anti-virus and anti-malware software that scans the network on a regular basis to detect threats. Use of a firewall as well as encrypting data transfers through email are two effective measures of protecting your network.
Segment your network
Segmentation of a network can be an incredibly useful tool in increasing IT security. Limiting access between different network components (for example separating your email server from your central file server) means that if one server is compromised, the attacker does not automatically gain access to the entire network.
Upgrade software regularly, and remove unwanted software
New vulnerabilities are found in software regularly, usually closely followed by a security patch from the software vendor that addresses the problem. Keeping your software up to date limits the chance of an attacker using a well-known vulnerability to access your network. Old software that is no longer used should be removed, as it is much more difficult to keep unused software up to date which can seriously compromise IT security.
Always change the default password
Most software systems come with a default password that will be well known among the hacker community – a major threat to IT security. To protect your network, it is crucial that this password be changed as soon as the system is installed.
Many attacks come via an individual workstation – if staff are well trained and know what to look out for in terms of phishing sites, scams, and malware and what to do if they suspect there is a problem with their workstation, problems can often be nipped in the bud before they propagate across the network. Even hiring a technical consultant to educate existing employees can prove to be a wise short-term investment.
Encrypt and secure mobile data
Many IT security breaches come from loss or theft of a mobile device. It is crucial that any mobile devices carrying sensitive information be properly encrypted in case of loss or theft. It is also good practice to ensure that any personal or sensitive data is only stored on a mobile device when completely necessary, and is deleted from the device when no longer required.