Wasp Barcode Technologies: The Barcode Solution People

Five Information Security Holes That Could Sink Your Business & What To Do About Them


Today's blog post is brought to us by Elizabeth Ireland, vice president of marketing for nCircle.

Many small businesses believe they don’t need to pay much attention to Internet security. After all, why would hackers bother with small businesses when there are so many more profitable targets? Unfortunately, small businesses have a high risk of security breach because online attackers realize that business owners often don’t have the time or the expertise to solve online security problems. Small businesses can also be affected by attacks such as worms or viruses. And because small businesses aren’t afforded the same fraud protection by banks as consumers are, a single security incident can have serious financial consequences.

The good news is that you don’t have to be an IT expert or have perfect online security to protect your network. You just need to apply the same level of caution that you use for other business assets, like locking your doors and using an alarm system. A few simple steps can make your network much more secure. Here are five of the most common security mistakes small businesses make and the basic steps to address them:

1. Not maintaining a regularly-updated, comprehensive list of every device on your network.

Small networks often have many network devices attached, and the list changes constantly as new devices, employees and partners are added or removed. Every device, including printers, scanners, wireless access points, POS systems, storage devices, and smartphones, can be used to compromise the security of your entire network. By maintaining a list of network devices and regularly reviewing these items to ensure that they are configured safely, you can significantly improve your network security. Take the time to schedule regular updates of your network topology, checking to make sure no new devices have been added. This regularly scheduled review also presents a great opportunity to double-check the software configurations of all devices to make sure they are secure. This sounds like a lot of work, but there are a number of relatively inexpensive automated tools that make this process painless.

2. You don’t know the exact network location of your sensitive business information, including intellectual property, HR information, financial and tax records, and customer data.

You may think you know where all your sensitive information is stored, but it pays to do a detailed audit at least once every quarter. You can’t keep sensitive information secure if you don’t know exactly where it is. Access to sensitive data should be carefully controlled and changes to this data should be monitored.

3. Not having an up-to-date, clearly written security policy that is adequately enforced.

Users are always the weakest link in the security chain, so it pays to be clear and specific about what you expect from your users. A written security policy is the best way to clearly identify best practices for internal and remote users. SANS offers great, free security policy templates here. However, it’s not enough to have a policy - you need to review the policy with your users, and make sure they understand why you expect them to follow the guidelines. Integrate security policy training into your new-hire and training process, and review it periodically so every employee knows the best security practices for your organization.

4. No password policy or controls

Using strong passwords is one of the easiest ways to improve the security of all online transactions, and protect your network and the data on it. Microsoft has a tool that allows users to check their password strength here. There is also a variety of other free password checking tools available online. It’s good security practice to require employees to change their passwords every three months. You can help your employees remember to change their password by sending out reminders.

5. Out-of-date or disabled anti-virus software

Utilizing anti-virus software is a security best practice and is required for companies that handle credit card data. It is a simple means of detecting, preventing, and, in some cases, disarming or removing certain kinds of malicious software programs. Every computer on your network should have up-to-date anti-virus software installed and running. To improve your security posture, anti-virus software definitions should be updated daily and a full scan should be run weekly. Most anti-virus software is automatically configured to update daily and scan weekly, so you just need to be sure that the software is running on every machine.

Although there is no way to guarantee perfect security, it’s not difficult to improve your online security. It’s really just a matter of making online security a priority. Isn’t protecting your business worth the investment?

About the Author

Elizabeth Ireland is vice president of marketing for nCircle. nCircle’s PureCloud is an easy-to-use service that dramatically simplifies small businesses’ network security. PureCloud discovers all systems on the network, identifies where they are vulnerable and provides recommendations on how to secure them – with no additional hardware or software required.
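
The device-list review described in item 1 can be scripted. The sketch below is an added example, not part of the original post or any nCircle tool: it reconciles an approved inventory against the devices a Linux host currently sees. The CSV columns, device names and addresses are constructed for illustration, and the observed sample follows the format of `ip neigh show` output.

```python
import csv
import io
import re

# Constructed approved inventory (in practice, a maintained CSV file).
APPROVED_CSV = """mac,name,owner
02:00:00:00:00:01,front-desk-pc,office
02-00-00-00-00-02,laser-printer,office
02:00:00:00:00:03,pos-terminal,sales
02:00:00:00:00:04,nas-backup,it
"""

# Constructed sample in the format of Linux `ip neigh show` output.
OBSERVED = """192.168.1.10 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.20 dev eth0 lladdr 02:00:00:00:00:02 STALE
192.168.1.30 dev eth0 lladdr 02:00:00:00:00:03 REACHABLE
192.168.1.77 dev eth0 lladdr 02:00:00:00:00:aa REACHABLE
192.168.1.99 dev eth0  FAILED
"""

def norm_mac(mac):
    """Normalise hand-typed MACs (dashes, upper case) to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load_inventory(text):
    rows = csv.DictReader(io.StringIO(text))
    return {norm_mac(r["mac"]): r["name"] for r in rows}

def parse_neighbours(text):
    """Return {mac: ip} for entries that carry a link-layer address."""
    seen = {}
    for line in text.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", line)
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            seen[norm_mac(m.group(2))] = m.group(1)
    return seen

def reconcile(inventory, seen):
    # Devices on the wire but not on the list, and listed devices not seen.
    unknown = {mac: ip for mac, ip in seen.items() if mac not in inventory}
    missing = {mac: n for mac, n in inventory.items() if mac not in seen}
    return unknown, missing

if __name__ == "__main__":
    unknown, missing = reconcile(load_inventory(APPROVED_CSV),
                                 parse_neighbours(OBSERVED))
    print("Unlisted devices to investigate:", unknown)
    print("Inventory entries not seen:", missing)
```

A neighbour table only lists devices the host has recently talked to on its own subnet, so treat "not seen" as a prompt to check rather than proof that a device is gone.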