There are certainly many threats when it comes to technology, and as a small business owner, it is vital to understand the threats that could put your IT systems at risk.
In today’s environment, as we become increasingly remote, businesses are relying on technology to accommodate daily life. Computers are a critical part of every business; they provide access to data, protect data, and provide the necessary infrastructure to make it happen. Without computers and data, companies simply can't operate.
Regardless of how data is being stored, data loss is at risk in a variety of ways, including:
- Deleting files accidentally
- Hardware failure
- Power failure
- Equipment theft
- Spilling coffee on a laptop
- Fire accidents
- Aliens stealing data
The above may be obvious threats, but what about the not so common ones posing harm to IT systems?
Threat: Using Your Own Device
Allowing employees and users to use their own device allows for increased risk of data loss. Personal devices are used for business during the day, and leisure at night which makes it difficult to separate work information from personal information. Since you must give permission to your network for each device, this means more vulnerability to your network. Personal devices are easily lost, stolen, or compromised; they don’t have the level of security a regular PC might have and are not monitored in the same way as a desktop computer.
A simple solution for employees using their own devices is mobile device management. This means:
- Enhancing endpoint security; being a phone, tablet, or PC.
- Installing software on each device that can manage what is going on.
- Increasing security in the workplace through firewalls, device management by ID, and device and data access regulation.
- Using these techniques, you have greater control. You can capture, wipe, or encrypt devices to make sure your company’s data is less vulnerable.
Threat: “Backdoor” Vulnerabilities
If employees are logging in to servers when they are physically outside of the building, reduced protection can expose systems and increase the chances of being hacked. With outside servers, attackers only need to find a single weakness to gain access to those systems.
To manage these vulnerabilities, it’s critical to maintain a clean and current machine. Machines, software, and browsers should be updated when notified. Set passwords on firewalls properly and define users who will have access. Require network monitoring so you can track who is on your network, what sites they’re going to, and what information they are requesting. A high-quality anti-virus and anti-malware system is important to secure information, along with remote monitoring and management (RMM) which allows you to monitor every device, see patching levels, and identify attacks.
Threat: Privileged Users
There are many companies that allow admin rights to employees, meaning if their device is hacked, someone else has access to those admin rights as well. Similarly, there are servers and networks where multiple people may have the password, making it easier for the wrong hands to obtain access to the device and do malicious activity. Unmonitored access privileges can lead to misuse and potentially expose confidential data as well.
It’s recommended to establish the appropriate levels of access for employees to keep these privileged users to a minimum. Training and educating employees to not share passwords and use complex passwords can also prevent hackers. Take advantage of multi-factor verification when possible to confirm the correct person is using the device; this is key in avoiding hacks in the system.
The biggest issue with backups is people trust they are constantly being run. No one ever questions if the backup is working or considers how long it would take to recover from a failed server. For example, if a server fails, the data may take 24 hours to recover everything from the backup to begin rebuilding the server. Insufficient backup policies can also be a reason for data loss. If the backup is insufficient, it may not capture all the data needed from every device.
The solution to backups is to always backup and plan in the event of disaster recovery. Work with an expert to make sure your data is: encrypted, automated, and secure. Essential data should be quickly and properly recovered in the event of downtime and another disaster. Most importantly, test your backups routinely.
If you are in an industry where compliance is important, such as finance or health care, and you are dealing with your customers’ personal, identifiable information (e.g. names, address, Social Security number, health care information, etc.) you must give special attention to this sensitive data. Not having proper safeguards may leave your business vulnerable to disruption, legal consequences, and loss of revenue as fines for non-compliance can be costly.
To combat this, there are many IT providers that fully understand your industry regulations. They can provide training and assessments to help meet these specific requirements.
There are many hidden threats that can put valuable information at risk. For a further in-depth analysis from CMIT Solutions Representative Steve Eroskey, please visit our Youtube page to view our on-demand webinar, Cyber Security for Business Owners: 5 Hidden Things That Put Your IT Systems at Risk.