Having a dedicated IT person is a luxury most small businesses can't afford. Yet in today's hostile online environment, it's more important than ever to keep your business secure… Here are some common security issues we've found with small business clients:
1) Open or insecure WiFi networks. If your WiFi is not using WPA2 encryption, your network is vulnerable to outside attack.
2) Not locking accessible computers. Leaving your computer unlocked on the counter while you help a customer allows someone else to install malware/control software in a matter of seconds. Always lock your computer (Window+L is a handy keyboard shortcut) when you leave it.
3) Shared drives. We often see businesses with multiple computers sharing the entire C: drive on their network instead of individual folders. Many malware attacks will scan a network for ANY accessible folder and infect, or worse, encrypt them. Only share folders you NEED access to and only give write access if necessary.
4) Expired Antivirus. Free antivirus programs are OK, but paid versions provide much better overall security. You have to renew the license annually. If it expires, you won't get any new virus signature updates, or worse the program will completely deactivate.
5) Password Post It Notes. It's one thing to have a password on your monitor in an office that's locked when you aren't there. But many people put vital passwords (bank accounts!) on a post it note that can be seen easy if a 'customer' peers around the monitor when you are distracted. Use a password manager instead.
6) No backups. Many business rely on Quickbooks and their company file is their lifeline. If you're infected by an encryption virus or you suffer a hard drive failure – you could lose EVERYthing. External drive backups are not enough as encryption viruses will attack those too. Only offsite backups can protect you completely.
7) Not using two factor authentication or strong challenge questions. Most small businesses run off of a single bank account. If hackers gain access to that account and wire the money overseas, you have 24 hours to reverse it, or it's gone forever Could your company survive that? The easiest way for hackers to gain access to critical accounts? Your email. If they can get to your email, they can often reset passwords. Enable two factor authentication on EVERY account you can, and then use an app like Google Authenticator to make it easy to use. Make sure your bank account security questions are obscure – not something a hacker could figure out from your Facebook profile.
8) Using Windows XP. Windows XP has not received security updates in over a year now. Your systems should all be running Windows 7 or better if possible.
9) Out of date software. Many users will just close popups prompting to update programs like Java, Adobe Flash, Adobe Reader, and more. These are common virus infection points and those updates close critical security holes. Keep your software up to date. Running an ad-blocker in your web browser can also help protect you.
10) Out of date router software. Most small businesses use off the shelf consumer routers to protect their networks. However, these devices must be updated manually and millions contain vulnerabilities that hackers are taking advantage of daily. If they can compromise your router, they can access your network. If your router has new firmware, update it. If the manufacturer hasn't released an update for it in a few years, replace it. Even better? Use a security gateway with advanced malware and intrusion detection.
This is is not an exhaustive list. Overwhelmed? IT Xpress can help! We have affordable service and security plans that will ensure your network, computers, and online presence are secure and hardened against attack. Contact us today (336-525-5005/[email protected]) for your free security audit!
