When thinking about Information Technology (IT) infrastructure, it’s easy to get overwhelmed. A lot of businesses worry most about bad actors hacking through firewalls. Although it’s important to set standards on firewalls and computer controls, there are many additional ways your business can be compromised. It’s equally important to understand that compromise can happen through simple human error — replying to a phishing email, clicking a malicious link, or having an easily guessable password.
When thinking about IT infrastructure, don’t overcomplicate it: know what you can and should control, focus on those aspects, and hire qualified vendors to help you with the rest.
Build your IT toolbox
Servers and backups
If you are hosting your own on-premise servers, perform complete backups of your data on an ongoing basis. This will safeguard you in the event that malicious software finds its way into your network, giving scammers the ability to install ransomware. Instead of paying the scammer to restore access to your files, you’ll be able to leverage your backups. It’s not enough simply to perform the backups, though. Schedule time to test and validate those backups to make sure they will serve their purpose if necessary.
Over time, hosting your own servers on premise has become less common and more risky. Audit your list of on-premise servers and evaluate if they truly need to be hosted locally. Chances are, you may be better off switching to a cloud server, leveraging the security and expertise of a vendor partner whose primary business is hosting and managing servers.
Software best practices
For any software you are running, whether it’s on premise or in the cloud, take the time to understand your security settings. Make sure only the necessary individuals have administrative access to each platform, and routinely audit all of your users and their levels of access to each platform. By minimizing the number of individuals who have access to your data, and providing those individuals only with the access they need relative to their roles, you mitigate the inherent risk that comes with operating a business connected to a global network.
For critical software, create an emergency access account, commonly referred to as a “break glass” account. This account should have complete administrative rights to the platform so that it can be used to perform critical fixes in an emergency. Keep in mind that this account should not be used on a day-to-day basis and should have a long, complex password associated with it that is saved in a secure location and is only shared with critical individuals.
Too often, businesses don’t leverage the security available to them in the form of software patches and version updates. Set aside time to review the status of the platforms installed on your network and check for available updates. If a platform offers automatic updates, take advantage of them.
Passwords and multifactor authentication
Because the most common method through which businesses fall victim to fraud is business email compromise, one of the most effective things you can do to prevent it is to educate your employees about password best practices and the value of multifactor authentication.
Advise your employees to never share any of their passwords with anyone, including someone claiming to be from an institution you may already trust, such as your bank, a government agency, or large retailers like Microsoft or Amazon. Make sure your employees know not to reuse passwords across platforms, and that longer passwords, typically of at least 14 characters, are more secure than shorter ones.
Multifactor authentication (MFA) adds another layer of security by requiring a secondary unique piece of information in addition to your password, typically a short code delivered to the user via email, SMS text message, or an authenticator app. When available, you should require that all your employees leverage MFA on every platform used by your business.
Hire qualified IT vendors
When it comes down to it, you most likely aren’t going to be able to keep up with all the cybersecurity best practices on your own. The landscape of cybersecurity is constantly changing, and new threats are popping up every day. However, the good news is that you don’t have to be a cybersecurity expert to take a few additional steps to protect your business, because you can rely on the assistance of outside vendors.
There are any number of qualified vendors you can and should hire to help you manage the various digital aspects of your business, including companies that can assist with data management, network management, and IT auditing.
For example, if you are hosting on-premise servers, consider moving those servers to the cloud on platforms offered by large companies such as Microsoft, Amazon, or Google. These companies have hundreds, if not thousands, of employees dedicated to keeping these servers online and secure.
You should also consider hiring an IT auditor to perform penetration testing. These auditors can help you identify and understand vulnerabilities that you may not have previously considered. They can also help you define the metrics relative to your business that you can measure against on an ongoing basis.
Make it a daily topic of conversation
Arguably, the most important step in establishing good cybersecurity practices is educating your employees. Businesses that regularly discuss cybersecurity with employees are more likely to prevent cybercrime from happening.
Regularly provide employees with information on password best practices. Educate them on the basics of phishing. Encourage them to be cautious when they receive unexpected emails or emails that request any type of payment.
If you can, implement a formal training cadence to ensure that your employees understand the basic best practices that can help protect your business from cybercrime. And if you’re not sure where to start, find a qualified vendor that offers cybersecurity training or can help you develop a training program.
As your banking partner, we are dedicated to the success of your business, not only through providing business banking products that keep your business operating, but also in helping you ensure both your business and your accounts are secure.