Let’s get right down to it. If you are a small to mid-sized business owner or employee, you already know that the chances of you “wearing one hat” are about the same as the chances of you taking a nice cool drink from the fountain of youth in your lifetime. Not happening… If your business card doesn’t have enough room for all of your titles, or if you have to think about what day it is when someone asks what you do for work, these are for you!
Stop Thinking Stupid Stuff - I know. It’s a bit broad. Let me clarify. There seems to be this false sense of security floating around that just because your business isn’t a massive nationally known superstar, you are somehow less likely to be targeted by cybercriminals. Newsflash: the bad guys don’t care about your company size. They target vulnerable devices. They troll the entire internet looking for them. When they find one and it happens to be able to provide them access to a company, yes, their evil grin broadens slightly. If not, they try to turn the device into a bot that they can control and use it to speed up their search for more neglected devices. Unless your company still utilizes quill pens, parchment, carrier pigeons, and the pony express, you should prepare for the “when” and not the “if” scenarios. As a matter of fact, if you believe that somehow obscurity equates to an elevated level of security, you are more likely to be hacked than a larger business that proactively protects itself.
Microsoft Automatic Updates Are Not Enough - If you are relying only on automatic updates from Microsoft to make sure your devices are secure, you are likely not as secure as you might hope to be. Automatic updates are great if you understand that many times they will need to reboot your device to be fully applied. This is great unless you are a person that hardly ever reboots their laptop but instead simply shuts the lid when you are done for the day. One, that never gives your device a chance to reboot. Two, it puts the computer to sleep and prevents it from checking for new updates during idle time. You need to make sure that your device is allowed to reboot and is powered on a few nights a week to allow the system to scan for new patches and attempt new installs. We’ve seen instances where a person successfully (and unknowingly) prevented full patch installations for almost a year before we came along. Also, the default settings don’t normally alert you that a patch installation may have failed. It is a good idea to manually check your patching status for issues. Also, patch settings for your operating system normally don’t take care of all that third-party software you have installed. Many of them have scheduled update jobs or services that check for updates every so often (if the device is powered on and connected). Some of them are better about updates than others. It is always a good idea to check all of your third-party applications to make sure the latest patches are applied.
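One way to run the manual patch check described above on a single Windows PC, as an added example that is not part of the original post. The 7-day and 35-day thresholds are assumptions for illustration, and the script covers Windows updates only, not third-party applications.

```powershell
# Added example: patch-health check for one Windows PC.
# Thresholds are assumptions for illustration; adjust them to your own policy.
$MaxUptimeDays   = 7    # assumed: flag machines not rebooted in a week
$MaxPatchAgeDays = 35   # assumed: one monthly patch cycle plus some slack
$findings = @()

# 1. Closing the lid sleeps the PC; it does not reboot it. Check real uptime.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$uptimeDays = [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalDays, 1)
if ($uptimeDays -gt $MaxUptimeDays) {
    $findings += "No reboot for $uptimeDays days"
}

# 2. Updates that are installed but still waiting on a restart.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
)
foreach ($key in $rebootKeys) {
    if (Test-Path -Path $key) { $findings += "Restart pending: $key" }
}

# 3. Age of the newest installed Windows update (Get-HotFix lists OS updates only).
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending | Select-Object -First 1
if (-not $latest) {
    $findings += 'No installed updates with an install date were found'
} elseif (((Get-Date) - $latest.InstalledOn).TotalDays -gt $MaxPatchAgeDays) {
    $findings += "Last update $($latest.HotFixID) installed on $($latest.InstalledOn.ToShortDateString())"
}

# 4. Failed installs are logged without an alert; event ID 20 is an installation failure.
$failures = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
    Id           = 20
    StartTime    = (Get-Date).AddDays(-30)
} -ErrorAction SilentlyContinue
foreach ($f in $failures) {
    $findings += "Failed install at $($f.TimeCreated): $(($f.Message -split "`n")[0])"
}

# Report: an empty list means none of the four checks raised a concern.
if ($findings.Count -eq 0) { 'Patch status looks healthy.' } else { $findings }
```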
Backup, Backup, Backup! - Ransomware has unfortunately become a permanent part of the English language. The latest research doesn’t look good as far as stemming the tide of new variants that can swiftly infect a network and do more damage than was possible in the past. There are two ways that you can help reduce the risk of being infected with ransomware. The first is to back up your important files, folders, and entire systems if necessary. Make sure you have multiple copies of the backups. At least one local and one off-site. Backup is your last line of defense to make sure that your business data is protected and could be restored in the event of a disaster (natural, digital, etc.). It is not enough to just back up your data. You also need to be sure that your data is recoverable when needed. This requires testing on a consistent basis. If this isn’t happening, you might not be able to fully recover all of your systems.
Train Yourself And Your Team - Humans are absolutely the weakest link when it comes to security. One of the fastest ways to make an impact on your organization is to deploy monthly or biweekly security awareness training as a required activity. It has been proven over and over again that continuous education is by far the most effective means of defense when it comes to cybersecurity. With many of the top services costing less than a large latte per month and delivered right to your team’s devices (no expensive and time-consuming trips), it is an absolute no-brainer. Make sure to ask if the training covers phishing, mobile phone security, as well as physical device security. If not, there are definitely better programs out there.
Call A Professional - If any of the bullet points above seem like they are going to be challenging or if you don’t know where to start, call a technology professional. The security landscape is evolving quickly. If you can get the foundation pieces taken care of, you will be able to focus on your business and meeting your clients’ needs.