9 things you can do for your SMB to avoid a data breach

1
9 things you can do for your SMB to avoid a data
breach

• Ascent Infosec

2

• You can never really tell if your business is
  going to
• be hacked. Hacking a large enterprise
• needs specialized skills. Guess, who will the
  average
• skilled hackers go after. They are looking for
• weaknesses and will pounce when found.

3

• If you are not doing any of these nine things
  youre
• definitely a risk of being hacked.
•  
• SMB has higher employee turnover. Do something
  about it.
•  
• Some industries and companies have more turnover
  than
• others. When employees leave they sometimes take
  data
• with them usually inadvertently but sometimes
  on
• purpose.

4

• Do your best to limit turnover one way to
  reduce the
• chance of a hack, while reducing your employee
• training costs
• Remote or mobile staff. Put tools to protect
  data.
• When employees move around, data moves with them.
  If
• an employee is remote then they are connecting to
  your
• database from various connections and they are
  all not
• secured.

5

• IT person should help you to make sure you have
  strong data
• management and connection tools in place and make
  sure it is
• monitored.
• Get some IT support.
• Even the smallest companies are exposed to data
  hacks.  Get
• IT person to evaluate your risks, install
  software, monitor activity and
• keep things up to date is a critical and
  essential business cost. The
• amount of IT support depends on your size and
  activity look at part-
• time or monthly.
•  

6

• Invest in security software.
• Subscribe to one of the great security
  applications. These
• software applications are inexpensive, run
  quietly in the
• background and are checking for malware, viruses,
  
• infected websites and other tools of the hacker. 
  Make sure
• this software is always updated as new threats
  are
• constantly identified.

7

• Train Your employees.
• Most security problems, are from employee-related
  errors
• clicking on bad websites, opening infected
  files, phishing
• links, etc.  Invest in training a few times a
  year with a
• good IT security firm so that your employees are
  aware of
• new threats and can avoid doing dangerous stuff.

8

• Put procedures for securing data.
• If you are handling health, financial or other
  personal
• information about your customers, and it gets
  stolen, you
• could have a big problem on your hands.  Keeping
  this
• data in an unprotected place means that hackers
  are
• going to find it.  If this is you, then youre
  going to need
• procedures and policies around the safeguarding
  of
• confidential customer data.  And after theyre
  written training
• will be required to ensure that your employees
  are complying.

9

• Update your computers and operating systems.
• Thousands of computers around the world are still
  running
• older, out of date versions of Microsoft
  Windows.  All hackers
• need is one vulnerable computer to attack and
  then can get on
• a network and wreak havoc. One of the best ways
  to avoid a
• hack is to ensure that all of your computers are
  running the
• most recent versions of Windows or iOS all the
  time.  If a
• desktop or other device is too old to handle the
  new operating
• systems then buy a new one.  The cost will pale
  in comparison
• to the cost youll incur if youre hacked.

10

• Monitor BYOD policy.
• Are your employees allowed to bring their own
  devices and
• use them for work?  Thats what most companies
  do.
• Unfortunately, this can create security issues if
  they are not
• monitored.  Many companies use remote management
• software to install company apps on their
  employees devices
• for a secure access while other companies issue
  their own
• devices to their employees which have been
  secured.  So,
• what is your Bring Your Own Device policy?  Every
  company
• must have one and every company must have an IT
  person
• monitoring those devices.

11

• Enforce Password changes.
• Most people are pretty complacent with passwords.
  You
• must require a more complicated password for your
  
• employees to enter your network a combination
  of
• letters, numbers and symbols and this password
  should
• be required to be changed every few months. That
  way
• passwords are more difficult to hack and hackers
  may
• move on to easier targets.
•  

12

• No, you cant completely avoid being hacked.  But
  if
• youre doing these nine things youve increased
  your
• changes a whole lot!
• Source Ascentinfosec.com