Security is frequently an after-thought in many small businesses. Here are some areas to ponder:
Often when we ask “how often do you back up your critical data?” followed by “in the event of a disaster, how many days (hours!) of data could you afford to lose?“, the answers to those two questions don’t align.
Are you concerned about account-takeovers / hacking of your critical cloud services? If you’re not using strong, randomly generated passwords and two-factor authentication…. you should be.
How secure is your network? Perhaps you’re confident that you’ve got your firewall locked down, and the perimeter is secure. But did you know that a large percentage of ransomware comes in through phishing emails? Once an attacker has persistent access to your network through an employee’s compromised PC, how secure is your network at that stage?
If an attacker gains access to your network and exfiltrates your data, or encrypts it for ransom, do you have secure, offsite backups of your data that aren’t reachable with regular administrative credentials?
If a disgruntled employee decides to make a mess and damage the company, have you given any thought to access control? Do you grant access to only those resources for which a particular employee should have access?
Do you have any publicly accessible web-servers (IIS/Apache/Tomcat/etc) web services sitting on your network? Are they running any insecure code and are they protected from SQL-injection and XSS attacks? Do you enforce HTTPS?
What is your disaster recovery plan in the case of fire or theft?
Contact us to help you form a plan and secure your business data responsibly.