For starters, having your security breached is usually a good indicator it could be stronger. But in all seriousness, most small businesses don’t know how secure their security really is, and they almost never know when their data is being breached, even as it’s happening. In other words, by the time they do realize something’s not right, it’s usually too late.
And why is that, exactly? Because most small businesses don’t look at their servers, read logs, or look at any type of technical stuff that would tip them off that something’s wrong, or that something is about to seriously go wrong.
Most small businesses have little to no IT support, either. And if they do, it’s usually one low-cost IT guy. And here’s the problem with that: most IT guys who work independently won’t tell you anything is wrong because they won’t really know themselves. They’re graphical administrators, which is just a fancy way of saying they manage servers by clicking on buttons, not by looking at logs on those servers or looking at logs on firewalls.
Translation: your IT guy probably won’t know something is wrong until it has already become a problem for your service. Once your service/data is encrypted, it’s way too late, and no amount of backups will help, either. You can’t trust the data on an infected server, so the backups taken from it can’t be trusted. Fast forward to the end result, and your small business is going to have a heck of a large expense to recover. Good luck with that.
So how can you avoid the above scenario? There’s no foolproof way to go about it, but there are some questions you can apply to your business’ security to see if it’s performing well and if it’s sound of strength and mind.
- When was the last time your firewall was updated/patched?
- When was the last time you validated that all of your machines/all of your computers had up-to-date security patches?
- When was the last time you verified that your backups worked at all?
- When was the last time you did a port scan?
- Do you know what a port scan even is? If not, you probably haven’t done one.
- Do you plug smart devices (like Amazon Echo and other IoT devices) into the same network that you plug all your other computers and servers into? If you do, your security is super hackable.
- Do your employees click on links or attachments from unknown sources? Cardinal rule of tech: don’t ever click on things from people you don’t know.
- What information do your employees send out as attachments? Do you monitor them? Remember that internal employees are the biggest security threat to your business.
- Do you have a separate banking computer for your company to connect to the bank with? This is pretty important. A banking computer will prevent unwanted installations from happening, limit company accessibility (the CFO and bookkeeper should typically be the only ones with access to this), prevent web browsing, and generally keep your important information safer.
- Are your applications available in the Cloud? If so, do you enforce complex passwords?
I’m willing to bet that you didn’t have the right answer to all of these questions, and if you didn’t, your security just isn’t as safe as it could (and should) be. In fact, if any of these questions weren’t answered correctly, you’re leaving your business wide open to security threats.
So what are some proactive steps you can take to make sure you’re not breached?
- Hire a Professional Technology or Security Consultant: No, seriously, hire one. I know what I’m talking about and only a professional can really assess your current situation for what it is.
- Already Have an IT Guy? Hire an IT Professional to Check Him/Her: Did you know you can hire IT people to test the performance of your current IT person? Yeah, you can, and if you were iffy on any of these questions, you should.
- Schedule a Penetration Test: Have an IT professional try and break into your network to see how strong it really is. If they succeed, congratulations, you failed the test and your security sucks. You officially need help.
- Get a List of Security Issues: If you fail your test with flying colors, the right IT professionals will provide you with a list of issues from the penetration test, port scan, and other tests run against your security. From there, you can discuss how to fix the problems at hand and fortify your security with a professional.