How to Be a Hard Target: Steps for Protecting Your Data

In today’s IT world, just about any company is subject to an attack. If you’re busy running your business, it’s difficult to know how to stay on top of all of this, especially with a new type of virus or security breach bubbling up almost daily.

The good news is there are several steps you can take to make your company a harder target to hit.

>> One of the best solutions is to arrange for off-site storage of your data. Not only does this better protect you from disasters, whether natural or man-made, it also allows you to quickly recover your files in the event of a system failure. Seek out off-site storage solutions that will encrypt your data.

>> Institute regular backups of your data. How often depends on different factors. Your accounting department’s archives may need to be kept for months or even years, whereas less sensitive data may only need to be retained for a few weeks. Follow your company’s disaster recovery plan.

>> You do have a disaster plan, right? If not, your company needs one that accounts for your data and IT resources. And don’t just write a plan and leave it on a shelf. These documents need to be regularly reviewed and updated.

Again, how often will depend on your particular situation: what kind of IT infrastructure is in place, the expertise level of in-house and external consultants, the pace of technological change in your business, etc.

>> Some of the biggest security companies—Symantec, McAfee and Trend Micro—publish email newsletters with regular updates about the newest threats. It’s worth taking time to subscribe, so that you and your IT team can stay aware of the latest bugs and viruses.

>> Check your firewalls and network devices frequently to see if there are any firmware updates available. These updates can help correct security flaws. There is no hard-and-fast rule for how often you should check for updates, but it’s a good idea to stay in sync with the companies whose firewall and network products you use.

>> Many operating systems can be set up so that any patches are automatically installed. This will keep your desktops and servers secure. Many next-generation network security devices update themselves as software updates are released.

>> Make sure your system has a logging mechanism that records activity on your machines. All industry-leading applications provide monitoring features, usually in real time, but make sure your IT team is configuring these features when introducing new applications to your company network.

>> Test your IT security. Get a network engineer to review your business’s event logs. Manually run virus and spyware scans, along with port scanning of firewalls. There are also third-party programs that can be used to scan for hardware and software security flaws. Even better, these programs can provide detailed reports listing any flaws, as well as steps for remedying them.

And if your company is attacked? First, have your IT team safeguard critical business data by isolating the servers and network. If possible, external access to all systems should be barred, so that no data crosses the company network.

In case of a virus attack, antivirus product companies offer on-site support if their products have failed to stop a new virus. In case of a deep breach of sensitive data, it might be worth calling a company like FireEye that provides enterprise forensics solutions.