6 Steps to IT Security
Antivirus and Anti-malware
- Multiple-layers of protection are always best. There is no silver bullet when it comes to security. Even though some antivirus programs are better than others, none of them are perfect. Make sure that whatever antivirus application you do use includes the ability to scan for malware and rootkits, in addition to viruses. The second layer of protection is to add a cloud based security filter, such as OpenDNS. You can also add a third layer by using a business class firewall router with built-in antivirus, anti-malware, and anti-phishing features. You should perform routine checks to make sure your antivirus program is getting daily definition updates as well as performing scheduled scans.
Backup, Backup, Backup
- If your data is not being backed up, then you run a high risk of losing that data. Make sure that your backup offers the ability to restore previous versions and make sure the backup is offsite. Also make sure that any offsite backup solution offers encryption in transit and at rest. You should also regularly check the backup to verify that it is working and that you can actually restore your data if necessary.
- Train your employees to recognize phishing attempts in email. Email is a common way that systems get infected, whether it is by an embedded html link or an attachment. McAfee offers a free Phishing Quiz online to see how your skills are and to learn how to spot phishing: https://phishingquiz.mcafee.com/
- Storing your password on paper, or even worse, in a text document on your computer is a very bad idea. Through using a password management system you can ensure that your passwords are all safely stored in an encrypted system to help you never forget a password (as long as you remember your password to access the system). These systems also help create more random passwords for a better level of security.LastPass and KeePass are two of the more common solutions. We recommend LastPass to sync between all your devices.
- Track what passwords your employees have access to and change those passwords or close the accounts as soon as the employee leaves. This will help prevent loss of company data and any potential damage done by a disgruntled employee. Leaving old passwords in place is a huge security risk.
- Multi-factor authentication is currently the best way to protect your online accounts. Applications such as Google Authenticator help implement MFA by providing a second layer pin that is always changing. The only way to access your account is with your password and your rotating authenticator pin, making it much harder to hack.
- This may come as a surprise, but don’t trust everything you see online. If someone sends you a link, be aware of that link and where it may take you. One of the more common ways that criminals can infiltrate your computer and your network is via Social Engineering attacks and by embedded links on Social Media and other websites. Learn to make sure you know where the link will take you before clicking on it, and only click if you truly trust the source and the destination.
- Security updates are released at least once a month by Microsoft and are frequently released for Adobe Acrobat, Flash, Java, Firefox, Chrome, and many of the other applications used by all of us each day. These security updates vary in level of severity, however most should be installed as they are released to patch any vulnerabilities that are being exploited through Social Engineering, Drive-by Downloads, Phishing, and other attacks. If your system is patched then you are less likely to get infected or hacked.
- If you are not already doing all of the steps above then there are security risks in your organization that could lead to system downtime, loss of productivity and revenue, and loss of company or client data. iTernal Networks provides these and many other IT Management Services through our Managed IT Services plans. Please contact us today for more information.