10 cost-effective ways to quickly beef up your company security
Image: Jack Wallen
Company security has never been more critical. Data is being breached on a regular basis, from midsize companies to enterprise giants. But even if you’re a small mom-and-pop shop, you’re not off the hook. All businesses need to keep data security at the front of their minds.
What efforts can you take to step up the security of your company? Will you have to buy expensive equipment? In some cases, yes. But not in every case. There are a number of steps you can take that won’t set you or your company back a half-year’s budget. Here are 10 cost-effective ways you can beef up your company security.
1: Update, update, update
One of the worst things you can do is ignore updates on your servers and desktops. Many times those updates includes security patches required to keep your hardware current with security policies and vulnerabilities. Without those patches, you might well be opening yourself up to various attacks. Although updating can be time consuming (and could cause a slight bit of downtime on servers), it must be considered a crucial step in keeping your company secure.
2: Stay in the know
If you’re in the IT department (which seems likely, if you’re reading this), one of your duties is to keep up with the latest security threats and warnings. If you stay abreast of what’s going on in the world of PC security, you’ll not only be informed of the latest threats but of the newest technology aiming to keep those threats at bay. Be sure to keep tabs on security alerts from the companies that produce products you’ve deployed as well as on general security issues. Read up on the latest security tech and stay open to learning new methods. Take classes, network with other security experts… get connected.
3: Set and enforce password policies
If you have yet to implement password policies, now’s the time. Make sure all passwords are strong and that they’re changed every 30 or 60 days—without fail. This should also apply to wireless security passwords as well as any BYOD device that is connected to your wireless network. Yes, changing wireless passwords on a regular basis can be a pain. But if you’re serious about all levels of security, this should be considered a must-do.
4: Don’t offer open wireless
Ever. Yes, for some companies offering wireless to the public is a necessity. However, that doesn’t mean the public Wi-Fi must be sans password. Set a public password and require customers to acquire it from an administrative assistant. Make it policy to change the public wireless password weekly. If possible, take it one step further and ensure the public wireless is in no way attached to your business network (even if that means purchasing a second pipe).
5: Get strict on policy breakers
You’ve finally managed to set all your security policies to make your company as safe as possible. If an employee undermines those policies, your company data is no longer safe. Security policies should have zero tolerance for infractions. Anyone who breaks them must suffer the consequences. This might be a hard row to hoe, but once you’ve established the staunch take on the policies—and once your staff understands how serious the issue is—your security will be easier to enforce. Understand, this could mean terminating employees in some cases. But if that’s what is necessary to ensure the security of your data, so be it.
6: Require two-step authentication
It never ceases to amaze me that two-step authentication isn’t the default for everything… everywhere. If your company makes use of Google, you should require two-step on every account and work with the Google Authenticator. Your internal servers should also use this type of system (You can even employ two-step authentication on a Linux SSH server.) At every possible intersection of authentication, two-step should be the default.
7: Use Chromebooks when possible
These inexpensive devices can actually help improve your company security in ways you may not have considered. First off, if your company uses Google and its two-step authentication (see above), you’re already a bit ahead of the curve. But with the addition of Chromebooks, you know your users aren’t installing third-party software that could wreak havoc on your network. Chrome OS is, by design, one of the most secure platforms on the planet. Yes, some may find them limiting. But considering most of the work your staff does nowadays is within a browser, a Chromebook might be the ideal solution when security is a prime.
8: Properly vet new hires
Sometimes a security breach doesn’t come in the form of a hacker sniffing out data but in the social engineering made possible at the hands of nefarious employees. It can be impossible to know the complete history and intentions of a new hire, but it is your duty to make sure you know as much about new staff as possible.
9: Rid yourself of paper documents
Papers can easily find their way into the wrong hands. Unless you employ a powerful document shredder (and use it regularly) you run the risk of data leaking if the wrong person picks up the wrong paper at the wrong time. Set a policy that all company data be retained only in digital form and that data must be stored on company hardware within the company LAN.
10: Employ full disk encryption
If you’re really concerned about the security of your data, you should be using encryption on servers, data drives, desktops, and mobile devices. Making use of encryption might well mean that your IT staff has to endure a short period of long nights and nightmares, but this type of downtime is well worth the effort. In the end, your data will enjoy much-improved security.
Data security is an ever-moving target that you need in your sights at all times. If you’re not willing to make some changes and tow the hard line, your company data could easily be at risk. With a few exceptions, this list security “upgrades” should be very simple to put into play.
Have you found other affordable security measures to protect your information assets? Share your suggestions with fellow TechRepublic members.