Installing the right security software is important for keeping your business’s network secure, but even the most up-to-date software can only do so much. It’s up to you - and your employees, for that matter - to prevent many network breaches that could leave your business out of commission and losing money by the second. Here are five things you and your company and employees can do to prevent breaches.
Reduce the Volume of Data They Keep
The more information stored on the network, the more information that could possibly fall into the hands of a cyber criminal. One way to reduce this risk is to simply reduce the data volume as much as possible. Don’t retain any data that isn’t absolutely necessary and try to find ways to simplify the data that you do collect. Finally, along these same lines, try to store data in only two places, with at least one place being in the cloud for disaster recovery purposes.
Delete (and Report) Suspicious Emails
Email is the number one point of entry for viruses and malware that devastate small businesses, and over half of all major attacks on small businesses were made possible by an employee opening a phishing email or facilitating ransomware through malware in an email. Train your employees on the dangers of these emails and teach them tips for spotting them. Then, make sure your employees not only delete these emails, but that they also report them to the appropriate company. Usually, the company being “spoofed” in a phishing email, for example, will have a specific email address set aside for reporting such things. Be sure to forward the email along to that particular address (if it exists), then delete it. Implementing phishing tests for employees can also help raise awareness and see where you have potential weaknesses.
Use the Paper Shredder
If any of your business’s network information appears on physical sheets of paper, it is critical that these sheets be destroyed as quickly as possible. Don’t just throw them out; run them through a cross-cut shredder beforehand to discourage potential thieves from piecing together your critical information. You should also destroy and discard other types of physical media, including CDs or DVDs, that have important company data on them.
When disposing of hard drives, take special care to securely destroy the drive. Purely formatting a drive can leave most of the data recoverable by specialized software. While physically damaging a drive could theoretically work, it is not recommended or realistic in a corporate and professional environment. You should find a professional destruction company that issues an official certificate of media destruction for proper record-keeping.
Restrict Computer Use
As tempted as they might be, it is important that your employees do not access unnecessary websites, especially peer-to-peer file sharing websites, on your company network. These are the perfect entry points for cyber criminals. Better still, utilize software and firewalls to restrict access to any websites that are not directly required for your employees to do their jobs. Though it may seem too restrictive to you at first, it is the only real way to ensure that your sensitive information stays on your network.
Enforce Security Policies
Finally, there are several other policies you should put into place and enforce to keep your data safe. Make sure your employees understand which data is confidential and that they are aware of the repercussions of sharing confidential information with others, intentionally or otherwise. Do not allow cameras at workstations with company computers (to prevent purposeful or unintentional photography of sensitive information), and require your employees to change their passwords frequently. Go over these policies during your weekly meetings to ensure your employees understand their importance, as well.