Minimum requirements for SMB’s to protect their data

Data protectionMore than 110 million consumers had their credit card and personal data exposed in the Target data security breach.  The whole process traces itself back to an e-mail phishing attack sent to employees of an HVAC firm doing business with Target.  

You can’t control how other companies and their employees choose to protect their data. 

But, you can control how your business approaches its own data security.

What do you have to do to stay safe in this modern day and age?  Here’s what needs to happen at a minimum:

    1. Encrypt everything:  Everything within and outside of your network needs to have 128-bit encryption.  Encryption doesn’t guarantee security, but it makes accessing the data much, much harder.  
    2. Use anti-virus and anti-malware:  Neither of these is perfect either, but when your employees accidentally click on something they shouldn’t, this can mean the difference between a simple popup that blocks the threat, and months and thousands of dollars spent recovering from a devastating security setback.  One important point to keep in mind is to have these updated on a daily basis.  If you have to turn off automatic updates, make sure you have your data regularly scanned, and perform the daily updates manually.    
    3. Train employees:  Speaking of your workers, make sure they receive training on all the latest tricks cyber criminals use to hack your network and breach security.  Spammy e-mails that try to get private information often look unprofessionally designed, contain typos, and they often don’t have an address that originates from the company they claim to represent (but not always).  Also, your employees typically haven’t signed up to receive any information from the company the e-mails represent in the first place.  Finally, educate them that simply clicking on the wrong link in an e-mail is enough to unleash a virus.  Make sure they receive refresher trainings on the latest threats throughout the year.  
    4. Have an audit performed:  Worried that your company is exposed to a certain threat, or maybe even multiple threats?  Have a third party perform an audit – even if you have a small IT team.  That third party can help you catch blind spots you may have missed.
    5. Make sure you use a spam filter on your e-mail servers:  Spam filters catch most junk floating through your e-mail server, but always remember to have your employees trained to view all e-mail with a skeptical eye – even if it comes from a trusted source.
    6. Use multiple layers of security:  Antivirus and anti-malware are just the beginning.  Make sure you also use firewalls, intrusion detection devices, and honey pots to keep every avenue safe.  

If your company isn’t doing one or more of these things, you’re setting yourself up for disaster.  And remember, if you can’t do all of these in-house, every one of them can be outsourced to a third party.    

Want to find out how secure your systems are?

Give Great Lakes Computer 30 minutes to run our agentless assessment of your network security and performance, and gain peace of mind that your network is safe, secure, and optimized.

Great Lakes now offers a free network vulnerability scan through the award winning Network Detective tool.  We will:

    • Run a full network assessment with no agents and no installs.
    • Produce comprehensive reports on security and performance.
    • Do it all in less than 30 minutes!

Sign up for your Free Network Assessment

Learn more about the author Bob Martin