This is Part Two of a three-part series about IT mistakes that business owners commonly make. This post will cover security, backup/recovery and internet policies.
1. You’re Secure, Just Insufficiently
You’ve got encryption, antivirus and antispyware, a firewall and passwords set up, and you feel like your business network is secure. And it might be…on the other hand, it might not. Here’s where your security measures may be falling short.
Antivirus: Just as there’s a difference between consumer and commercial grade computers, there’s a difference between consumer and corporate antivirus. Make sure you’re using business-grade antivirus, which benefits from being installed and updated from a central control center on a company server. This gives you one place to check whether all antivirus within your network is up to date, ran last night, etc.
Your software should also be easy to manage, scalable and offer adequate technical support. Since antivirus subscriptions renew annually, corporate software has the added benefit of renewing all at one time.
Firewall: Your business also needs an intelligent internet firewall with current licensing from a security vendor like SonicWALL, WatchGuard or Cisco. Too many business owners depend on their router (Linksys, D-Link, NETGEAR, etc.) to secure their network. While your router contains firewall components, it isn’t enough to protect your computers.
Passwords: Password policies should be stringent enough that passwords can’t be easily guessed or fall to dictionary attacks (an attempt to beat security by simply trying common words, login names or passwords until one works).
But they shouldn’t be so complicated that your workers create workarounds to remember their passwords (e.g. a password on a Post-it note), which end up drastically reducing security. A policy that requires a minimum of 12 characters and/or forces users to change their passwords every 30 days is probably too much.
2. Relying on Backup & Recovery Products
To ensure that your data backup and recovery system is comprehensive you need more than hardware and software products. You need to have policies in place and an ongoing process that implements those policies.
For example, your company needs to regularly verify that backup jobs are reporting successfully; that data backups are recoverable; and that all of the company’s critical information is included in those backups. These reporting tools should be timely, systematic and, whenever possible, automatic.
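As an added illustration (not part of the original post), here is one way the three checks above could be automated for a nightly tar archive. The archive name, file paths and 24-hour freshness window are assumptions made up for the example.

```python
import hashlib, os, tarfile, tempfile, time, zlib

def sha256_stream(fh):
    digest = hashlib.sha256()
    for chunk in iter(lambda: fh.read(65536), b""):
        digest.update(chunk)
    return digest.hexdigest()

def verify_backup(archive, source_root, critical, max_age_hours=24):
    """Return a list of problems; an empty list means all three checks passed."""
    problems = []
    # Check 1: the job actually ran recently (archive timestamp is fresh).
    age_h = (time.time() - os.path.getmtime(archive)) / 3600
    if age_h > max_age_hours:
        problems.append(f"stale: last backup written {age_h:.0f}h ago")
    # Check 2: the backup is recoverable. Read every file back out in full;
    # a truncated or corrupt archive fails here, not on the day you need it.
    restored = {}
    try:
        with tarfile.open(archive) as tar:
            for member in tar:
                if member.isfile():
                    restored[member.name] = sha256_stream(tar.extractfile(member))
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return problems + [f"unreadable archive: {exc}"]
    # Check 3: every critical file is in the backup and matches the source.
    # Assumes this runs right after the job, before the source files change.
    for rel in critical:
        if rel not in restored:
            problems.append(f"missing from backup: {rel}")
            continue
        with open(os.path.join(source_root, rel), "rb") as fh:
            if sha256_stream(fh) != restored[rel]:
                problems.append(f"content differs from source: {rel}")
    return problems

def demo():
    """Constructed sample: two critical files, but the job archives only one."""
    files = {"finance/ledger.csv": b"id,amount\n1,100\n", "hr/staff.csv": b"name\nA. Example\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        archive = os.path.join(root, "nightly.tar.gz")
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(os.path.join(root, "finance/ledger.csv"), arcname="finance/ledger.csv")
        return verify_backup(archive, root, list(files))

if __name__ == "__main__":
    print(demo() or "backup OK")
```

In the constructed sample the backup job reports no error, yet the check still flags that the HR file was never included, which is the kind of gap a "job succeeded" email will not show.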
3. Not Enforcing Internet Policies
The merits of having or not having a company internet policy could (and eventually will) fill an entirely different blog post. If you’re interested in an internet policy, you first need to understand that there are two types your company can employ.
A computer usage policy is a written guide that expresses the types of behaviors you don’t want employees engaging in on company computers (installing software, using the internet for personal use, etc.). Usage policies underline what’s not allowed, but operate on the honor system, as employees are still able to engage in these behaviors.
Content filters employ firewalls that actually block undesired computer behavior. For example, you can set up a content filter that blocks Facebook if you don’t want employees using the social media site at work.
If you already have an internet policy, you need to enforce it, and you need to enforce it at the firewall level. This will stem personnel problems that could arise if employees feel someone is going around policing the office, which can undermine employee trust and satisfaction.
Part Three of this series will cover problems with staffing and decision makers.
View Part One of the series here.