Don't make the mistake of thinking your business' computer network is safe because your business is small. Criminals target small businesses because they have fewer resources, reduced information security specialists, and are an easier target for criminals. Verizon conducted a study that showed hat 71 percent of breaches occurred in companies that had less than 100 employees. It's not just your infrastructure that's at risk, your employees must be properly trained to detect and prevent social engineering tactics aimed at getting to your customer and company data.
Time: Minutes to set up or arrange. Should be ongoing for the life of your business.
An internet connection
Network penetration testing software
The Threat Starts With People -- The most secure system in the world won't protect your company if you don't prep your employees. Social engineering refers to the psychological manipulation of people in your organization to provide valuable information that allows a criminal access to pertinent information. Strict standards that prevent the divulging of customer or company information can help protect your company. For example, a criminal may enter your building and post a bulletin stating that access is restricted by employee ID and password. The first employee that comes through the door provides this information, is granted access and the criminal leaves with information they can use to access secure records. Using a two-pronged approach to security can solve this problem. Instruct employees that any request for a password must come with a verification from the individual asking for the information. This verification could be a text, email, pass code or some other piece of information. This is only one technique of many that can be used, so employers must stay up-to-date and aware of common social engineering scams.
Network Penetration Test -- Hackers can also use a network penetration test to access a system and probe for vulnerabilities. By conducting your own penetration tests with a qualified team, you can identify potential weaknesses before they become weak points for hackers. A team of network defenders should test your network regularly to determine how well they can thwart attacks. Increase your investment in network security when you identify weaknesses in your system that require additional resources to mend. Information security needs to be a primary goal, and penetration testing should be conducted weekly and monthly.
Secure Your Backups -- It's not enough to have a backup, you need to secure your backup as well. An unencrypted backup won't protect your company in the event of a data breach. Ensure that no employee has access to the encryption codes unless they are directly responsible for the integrity of your data. Using a professional backup and security service can help ensure that your private company data doesn't get out into the world. Imagine a scenario in which your customer credit card numbers, financial information and account history are exposed and you will begin to see why an investment in strong servers is important. One simple way to protect records is to take your backup servers offline when not in use. This can help protect your customer and company information, while ensuring that nobody can access data when the doors are closed.