You may think your IT support and consulting firm has implemented proper security protocols for your company’s computing systems, but the days of just setting up a firewall and installing anti-virus software are gone. Much more needs to be done these days to protect your business from the ever-increasing number of cyber security threats.
Unfortunately, most IT firms are overlook the critical measures that they should be taking to protect your business – which can have a huge financial impact on you.
Here are the five most common cyber security mistakes that we’ve seen other IT firms in the New Jersey area make. If you are concerned that your business may not be as protected as it should be, contact us for a cyber security assessment:
- No Employee Training
The weakest link in any organization are its employees. Does your IT partner provide an on-going cyber security training program for your employees or are they leaving it up to chance or for you to figure it out? Even the most sophisticated security systems can be circumvented by a mistake made by an employee who clicks on something they shouldn’t, or who gives information to the wrong person. We recommend all businesses implement a regularly recurring cyber security training program that not only trains but also tests your employees’ ability to detect and avoid the ever increasing number of cyber security threats that threaten your business.
- Not Regularly Analyzing Systems
Do you regularly analyze the cyber security readiness of your business and review how to improve any risks that are found? Unless you are made aware of the vulnerabilities of your systems, how can you make a decision on what security measures need to be put in place? We recommend that all businesses regularly review the security of their IT systems, whether they are in your office or in the Cloud, in order to understand their vulnerabilities. Then, you should be reviewing options and costs to reduce or remove those threats. This type of analysis/review cycle should be done on a recurring basis, typically two to four times per year.
- Insufficient Maintenance/Out of Date Systems
Out of date IT systems that don’t have the proper security patches are easy targets for hackers. Many of the latest viruses specifically target older systems that have known security vulnerabilities, and the only way to protect your business is to ensure that your systems are up to date. Your IT department or IT service partner should be doing two things to protect you here: first, they should be regularly deploying patches and updates to your systems on a nightly and weekly basis. Secondly, they should be reviewing your systems on a regular basis to identify any system that has a patch missing.
- Insufficient Backup (Can you recover from a cryptolocker?)
Do you have protocols in place to prevent this infamous ransomware from hijacking your computer network? Cryptolockers are a particularly nasty malware that when unleashed on your computer or network will encrypt your files, preventing you from opening them unless you pay a ransom (and even after you pay, most hackers won’t unlock your files!) Usually if you fall victim to a crypolocker, you can kiss your files goodbye for good. Your IT partner should be doing its utmost to prevent CryptoLocker attacks on your business by putting protocols in place to prevent as many attacks as possible. There is no way to stop all cryptolocker attacks, so your backup system must be able to recover your systems and files to quickly get you back in operation.
- Insecure Password Storage
Where and how are your company passwords being stored? Your employees aren’t storing passwords on post-it notes on their desks or in unencrypted files on their computers, right? Throw out those sticky notes and Word documents—they open up your business to hacking in a heartbeat! You should be using a secure password management system that provides user-friendly, highly secure storage of all the passwords your employees need to use to access your systems, vendor portals, etc. Your employees don’t have to remember anything beyond their user name and a single master password to access the storage system.
There are other steps IND Corporation takes to ensure your network is secure and running efficiently.
- Our network administrator reviews all new clients’ systems and generates a customized “state of your IT” report so you know what you have and where potential problems exist.
- We hold periodic IT strategy meetings with your team and provide a 27-point executive level review of your entire network’s stability and security. That way, you’ll always be fully apprised of the potential risk and the health of your systems.
- We report problems clearly and concisely in a meaningful summary without meaningless technical jargon, so that you can make better business decisions regarding your corporate IT.
Does your current IT provider do all that? Don’t leave your network vulnerable to attack when there are relatively simple steps that can be taken to protect your system. Contact IND to find out how we can help. We’re based in Parsippany in northern NJ, and work with businesses throughout the state to help them maintain the utmost IT security and performance.