While your business may only have a security budget that is a fraction of larger enterprises, spending that money wisely can still help you sleep at night. Nothing is ever infallible; however, implementing security measures can go a long way.
Security Measures You Should Have in Place
Cybersecurity works best when implemented in layers, much like how you protect your own house. Working from the outside in, there are several common layers typically implemented in a well-designed system:
- Starting on the perimeter layer, you need to implement a Firewall to prevent malicious traffic from reaching your network. This is much like installing a fence around your yard. This allows you to control who comes in and who goes out.
- Companies may have certain services they want the public to access – such as a website or mobile app. These services are best protected in a DMZ (demilitarized zone) which is a highly protected zone of your network, much like the front yard of your house. You can carefully screen and watch what happens in your yard!
- The core of your network is much like your house itself. You want to install an alarm system and routinely maintain your home, so it remains resistant to outside threats. On computer systems, this is done by installing Antivirus software and by regularly patching and updating your systems.
- With all of these layers of security, your home (or network) is fairly well protected, however the final layer is the occupants of the home, or the employees of your business. Users need to be educated on safe behaviors and what may be a potentially harmful activity. That innocent link to a funny dog video may not be what it appears to be. Users need to be exceptionally cautious when dealing with the rapidly growing volume of sneaky email and social media threats and learn to scrutinize everything, much like you would look through the peephole when a stranger is at the front door!
- Do I know what I would do if my data was held for “ransom”?
- Do I know what I would do if my computer became infected with a virus?
- Do I know if my website and email is properly protected?
- Do my users know what a suspicious email or Facebook link looks like?
It is vital to know the answers to these questions BEFORE something happens. Time is of the essence when dealing with a data breach or malicious activity and if you are unable to stop the spread quickly, it could be much like a fire in your house: if not quickly contained it can be devastating.
If you are unsure of your company’s cybersecurity defenses, or are unable to answer the above questions that probably means there is room for improvement. Just like with your home, unless you’re experienced in assessing alarm systems, its often best to talk to an expert who specializes in this field. By following these measures and getting a security assessment, you can significantly reduce the risk that cyber threats pose to your business.