Let me ask you something: How well equipped is your company to deal with and respond to a potential data breach? On a scale of 1-10. Do you know? Not sure? Experian put out an interesting report regarding data breach preparedness. They found that 23% of respondents believed that their organization doesn’t understand what needs to be done following a material data breach to prevent loss of customer and client trust. 30% weren’t sure at all and only 14% agreed. That should tell you that if you’re not taking proactive steps to prevent and manage a data breach, you’re not alone. Thousands of companies are overlooking the most basic IT security measures and have little understanding of where to start. Are you one of those companies? Take a moment to explore five of the most commonly overlooked IT security measures and see how you stack up.
- Password complexity.
The most commonly used passwords are 123456 and password. Common sense tells you that these are easily guessed and shouldn’t be used, but we continue to use them year after year. If your employees use these types of passwords for their personal accounts, it’s not a far cry to believe that they might be setting their work passwords to something similar. While these may be easy to remember, they’re about the farthest you can get from secure. Make sure that you implement a standard for password complexity. The hardest to uncover are those that include special characters, a mix of upper and lowercase letters, and numbers that are not sequential. Make sure that you educate your employees on the importance of secure passwords and offer a standard for them to use in creating their own password.
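The standard described above (blocklisted common passwords, mixed case, a special character, no sequential digits) as a checker you can hand to a help desk or wire into an onboarding script. This is an added example, not from the original post; the 12-character minimum, the blocklist contents and the three-digit run length are assumptions.

```python
import re
import string
from typing import List

# Constructed blocklist: the two passwords the post names plus a few obvious
# variants. A real deployment would load a large breached-password list instead.
COMMON_PASSWORDS = {"123456", "password", "password1", "qwerty", "12345678"}


def has_sequential_digits(pw: str, run: int = 3) -> bool:
    """True if any run of `run` consecutive digits in pw counts up or down
    by exactly one each step (e.g. '345' or '987')."""
    for digits in re.findall(r"\d+", pw):
        for i in range(len(digits) - run + 1):
            window = digits[i:i + run]
            steps = {int(window[j + 1]) - int(window[j]) for j in range(run - 1)}
            if steps == {1} or steps == {-1}:
                return True
    return False


def check_password(pw: str, min_length: int = 12) -> List[str]:
    """Return every policy violation found; an empty list means the password
    meets the complexity standard. min_length is an assumed value."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("on common-password blocklist")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if has_sequential_digits(pw):
        problems.append("contains sequential digits")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Abcdef#12345xyz", "Tr0ub4dor&3xample!"):
        print(candidate, "->", check_password(candidate) or "OK")
```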
- Password change frequency.
Having a complex password protects your customer and company data significantly better than having a simple, easy-to-guess password. But how often should your employees be changing this password? Every 30 days? More often? Less often? You’ll be interested to know that users don’t have to change their passwords as often as you might think. For example, this Lifehacker article references a few studies that actually suggest that frequent password changes can be detrimental to user productivity. Strike a good middle ground between frequent changes and leaving stale passwords in place as your employees turn over. Depending on the sensitivity of customer data and how our client’s infrastructure is configured, we recommend password updates as frequently as every 90 days or as infrequently as annually. Like most of your IT decisions, this is subjective. Do make sure that you change passwords when your employees leave, as you want to protect data access from those no longer within your organization.
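The two checks this section asks for, passwords older than the chosen rotation window and still-enabled accounts belonging to departed employees, as an audit over a directory export. This is an added example, not from the original post; the Account fields and the sample records are constructed, and 90 days is used as the default window with the annual option shown as a parameter.

```python
from dataclasses import dataclass
from datetime import date
from typing import List


@dataclass
class Account:
    username: str
    password_last_set: date
    enabled: bool
    employee_active: bool  # False once HR records the person as departed


def audit_accounts(accounts: List[Account], today: date,
                   max_age_days: int = 90) -> List[str]:
    """One finding per enabled account that violates the policy: the owner
    has left but the account is still enabled, or the password is older
    than max_age_days. Disabled accounts are skipped."""
    findings = []
    for a in accounts:
        if not a.enabled:
            continue
        age = (today - a.password_last_set).days
        if not a.employee_active:
            findings.append(f"{a.username}: departed employee, account still enabled")
        elif age > max_age_days:
            findings.append(f"{a.username}: password is {age} days old (limit {max_age_days})")
    return findings


# Constructed sample directory export, not real data.
SAMPLE = [
    Account("alice", date(2024, 1, 10), True, True),   # 51 days old, fine
    Account("bob", date(2023, 9, 1), True, True),      # 182 days old, overdue
    Account("carol", date(2024, 2, 1), True, False),   # left, still enabled
    Account("dave", date(2022, 1, 1), False, False),   # left, properly disabled
]


def run_sample_audit(max_age_days: int = 90) -> List[str]:
    """Audit the constructed sample as of 2024-03-01 (assumed audit date)."""
    return audit_accounts(SAMPLE, date(2024, 3, 1), max_age_days)


if __name__ == "__main__":
    for line in run_sample_audit():
        print(line)
```

Raising max_age_days to 365 models the annual option: the stale password drops out of the findings, but the departed employee's account is still reported, since that check does not depend on the rotation window.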
- Windows Patching.
Windows patches can seem annoying. They can seem counterproductive. If you’ve got a Type A employee who doesn’t like to be interrupted, they can even seem like they’re inhibiting efficiency. But Windows patches are what keep your workstations and servers up to date and protected against the latest security threats. Failure to implement these updates could mean a massive data breach or infection that could not only compromise data but take down your organization for days or weeks. In short? Complete these updates. Often. As often as every day is ideal, but if you have a Managed Services or IT provider completing these updates for you it won’t be quite as intrusive for your users, as the updates can be applied automatically every evening or during scheduled maintenance windows.
- Mobile Device Passcode.
We’ve covered mobile device security and BYOD extensively in our blog. This article in particular was pretty popular with regard to mobile security. When your employees bring their own devices and add their company e-mail to those devices, your company data is quite literally one swipe away. Making e-mail and mobile phone passcodes mandatory is one of the more important elements of IT security. It’s not optional.
- User Security Policy.
The absolute most important thing when it comes to your IT security, and something you shouldn’t ever overlook, is having a security policy in place for your users. The policy should outline the handling of sensitive data, how mobile devices should be treated, password mechanics, and all other elements in your strategy. Just like you want to educate yourself on the importance of security, you have to educate your users on the why behind each step they’re taking. Just telling your employees to create a secure password isn’t enough; they have to understand why they’re doing it. A security policy gets all your users on the same page and puts out a published standard of security compliance to be clearly followed.
IT security isn’t something to mess around with. Sure, small businesses are much less likely to be attacked than some of the major companies that have been breached to date, but that doesn’t change the fact that it happens. Whether or not you continue to overlook these important IT security measures could be the decision that makes or breaks your business.