Small business security can feel like an overwhelming undertaking, especially if you’re not tech savvy. But there are some very simple and affordable ways that you can improve your network security. In this article I'll identify three of the most common ways hackers break into business networks, and I'll show you three basics tips that can help you defend your business.
Despite the availability of biometrics and other advanced form of authentication, passwords still play a crucial role in securing anything from email accounts to access to CRM and ERP systems. Unfortunately, there are two main problems when it comes to passwords: Users either make use of passwords that are far too simplistic, or they reuse the same passwords for work-related accounts and their personal accounts.
The former is self-explanatory, and the latter becomes a problem when hackers successfully break into websites that fails to properly obfuscate the reused password. And because most Web services now ask for an email address as a username, an exposed password can very quickly lead to the complete unraveling of a users’ online security.
What's the solution? Use a different password for each site, or at least avoid reusing office passwords used on external websites.
Hackers also commonly exploit un-patched software that contains security vulnerabilities. And it isn’t as if the bad guys have to spend hours painstakingly checking for the right application to exploit, either. Hackers routinely purchase exploit kits from the black market and seed them across the Internet hoping to catch the unwary – and the unpatched.
Moreover, hackers also use free penetration software -- designed for security professionals -- to automatically run thousands of probes and hunt for problems on your company servers.
So what’s the morale of the story? Update your software -- patch, patch and patch again.
Basic Security Training
Do you have a friend or relative who insists on forwarding you hoax emails about the latest malware threat "as reported on CNN" or the free $1,000 giveaway by Microsoft as part of "a new email tracking experiment" that requires them to forward the email to all their contacts? Like that relative who just doesn’t get it, SMBs inevitably find themselves with a handful of staffers who lack the perceptiveness to see hoax emails for what they are.
While forwarding email messages may be a time-wasting endeavor to other employees, they do not typically constitute a security threat. Clicking on an unidentified URL or downloading software from dodgy sources however, may expose your corporate network to a Trojan or malware infestation.
Though it may sound clichéd, the only reasonable way to defend against such a threat is to periodically conduct basic computer security training with all computer users in your organization. The idea is to run through the latest tactics that hackers use to infiltrate businesses, and coach your staffers to correctly identify such attempts as small business security threats.
Do you have any other suggestions that can dramatically enhance an SMB’s security posture? Be sure to leave your comments below.
Paul Mah covers technology for SMBs for Small Business Computing and for IT Business Edge. He also shares his passion for and knowledge of everything from networking to operating systems as an instructor at Republic Polytechnic in Singapore, and is a contributor to a number of tech sites, including Ars Technica and TechRepublic.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|