5 Practical Steps to Improve IT Security in Your Business

In the digital age, data is one of the most valuable parts of your business. Therefore, data security is something that should be a concern for every business owner. Security threats like phishing scams and CEO fraud are very real, so you should take any steps you can in order to keep your business safe.


Below are 5 practical steps you can take to improve IT security in your business.

 1. Permissions and passwords

One of the easiest ways to make your data more secure is by using strong passwords and setting proper permissions. Hackers use advanced software now to try and gain access to systems so using simple, easy-to-guess passwords is a big mistake. A strong password should contain bother upper and lower case letters as well as numbers and symbols. Just make sure it's all encrypted!

As far as permissions go - There is likely a hierarchy of data that you have within your business so you want to be sure that the most sensitive company data is only accessible to those on your staff who need to access it to do their job.


2. Backup data

It’s always a good idea to back up any important data in your business regularly. You can do this by using physical storage devices such as USB drives or external hard drivers or by using a cloud data storage service.

The advantage to backing up your data in the cloud is that you eliminate the risk of it falling into the wrong hands. It’s very easy for a USB drive to be lost or stolen for example. Most reputable cloud data storage services have very stringent disaster recovery measures in place, so contrary to what’s often believed – your data is actually very safe in the cloud.


3. Patch and update software regularly

Those who use malware and spyware to try and cause damage to your network and extort money from you rely on vulnerabilities, such as out-dated browser plug-ins and software. For this reason, you should regularly check to ensure you have the latest versions of any software or browsers you use.

Browser plug-ins pose a particularly big threat. Plug-ins such as Adobe Flash and Adobe Reader as well as media players such as QuickTime and Silverlight all increase your attack surface and mean you’re more vulnerable to attacks. For this reason, it’s recommended you limit the number of plug-ins used as much as possible and ensure that any plug-ins you do use are properly updated.


4. Establish best practices and train your staff in them

Training staff properly in best practices where security is concerned is something that a lot of businesses neglect. Using strong passwords and encrypted connections is fine but if one of your employees naively gives away their log in information because they haven’t been properly trained then it’s all for nothing.

CEO fraud is one of the most potentially devastating scams out there and has already cost companies around the world millions. For such a scam to be effective it relies on the lack of best practices at a business where things like transferring money are concerned. This is why it’s so important to establish practices that all your employees are aware of.


5. Conduct regular security audits

Measures such as using strong passwords, setting permissions and training your staff are all highly recommended. However, there could be weaknesses in your current systems that you’re not aware of. The best way to find out if there are any such weaknesses is by conducting regular security audits.

The more comprehensive your security audit is the better. A good audit should include a full assessment of any systems you use in your company that contain sensitive or important data; reviewing access controls; and interviewing staff.


If you're concerned about IT security, request a free copy of our 15 Point Security Checklist here to compare against your company's security measures. See also our Password Guide with tips on how to create 'hack-proof passwords'.


Image source: Flickr



see all