The scale of the recent security breaches at Sony, which led to the cancellation of The Interview’s theatrical release, can make the company’s problems seem beyond the realm of the average small business. But the security mishaps that created the circumstances for the hack are as applicable to modest local and regional companies as they are to multimillion dollar corporations. These three tips will take you back to security basics and help avert your own big-screen drama.
Don’t let basic security habits slip
Our modern-day instinct tells us that the answer to potential security breaches is to install new layers of antivirus software, firewalls and further encryption systems. While these are all worthy additions to your company’s armor of security shields, they will do little to help if good old-fashioned protective habits are allowed to slide.
Instill a disciplined, security-conscious mentality in your organization, and keep the messages simple so that staff remember and follow them. Focus on regularly changing passwords and keeping them secret, being vigilant about avoiding unexpected links in email messages, and limiting network access for the likes of external contractors to that which is absolutely necessary.
One of the ways hackers made their way into the Sony network was by tricking administrators into thinking they had a legitimate need for access. In IT terms, this is called “social engineering.” To avoid this tricky tactic, teach your staff to be careful, and praise cautiousness even if it turns out access is warranted. Encourage staff to flag potential security lapses, and make sure they know that reports will be followed up and loopholes closed.
Take a flexible and agile approach to IT
IT changes, and so do the ways best suited to keeping it safe. This means it is vitally important to keep your IT systems up to date, and where necessary to do away with outdated practices that could leave your business technology exposed. This involves more than just ensuring that your network is running updated antivirus software to catch the latest bugs and worms – it means staying abreast of emerging methods to mitigate potential threats from hackers worldwide.
All of this uses staff and resources that your small business might not have – which is where outsourced managed services come in. Using a managed service provider as an add-on to your own IT team can give you extra flexibility and the ability to keep abreast of industry security developments, even when you lack the time to do so yourself.
Equally, know when it is time to ditch data – think of emerging social networks like Snapchat, which set messages to self-destruct after a set time, as your cue to make your data retention policy less permanent, particularly in relation to email. If you no longer have a business need or a regulatory requirement to retain information, then delete it – in the process you can limit the possible damage even if the worst should occur and you fall victim to an external attack.
Backup, backup, backup
The last thing you want in the event of a security breach is for it to hit your day-to-day operations – the potential damage caused by the hack itself is likely to give you enough to worry about. But that is exactly the situation Sony found itself in after its latest hack, with its email system down and staff forced to return to the days of pen, paper, and even the fax machine.
As well as ensuring alternative means of communication remain open to your business in the aftermath of a possible attack, it is also vital to make sure that you retain access to the information most critical to your work. Regular, secured backups help ensure that, whatever happens, the show is able to go on and your firm’s productivity and revenue are not unduly hit. Engaging professionals to undertake your backups on a managed service basis also means this can happen routinely and without fail, while you stay focused on running your business.
