Small businesses often find themselves in the unenviable position of not having IT employees who are trained in security matters. This puts them in a vulnerable position to hackers, who may exploit weaknesses that would have been immediately obvious to someone in the know.
Recently, Paul Mah highlighted some recurrent mistakes that he sees being made by SMBs. If they apply to your organization, acting on his recommendations should serve to bolster the overall security of your organization.
Click through for six steps you can take to quickly improve the security of your business, as identified by Paul Mah.
Because wireless signals are omnidirectional, they necessitate the use of encryption to prevent other computers from listening in. A number of schemes have been developed for Wi-Fi encryption over the years, namely WEP, WEP 2, WPA and WPA2. In a nutshell, the WEP and WEP 2 protocols are trivial to crack with freely available tools, and even WPA with the TKIP algorithm is considered weak.
As such, only WPA with the AES algorithm and the WPA 2 protocols should still be used today. Moreover, it is highly recommended that businesses use a passcode that is longer than the minimum 8-character requirement – at least 20 characters would be ideal.
Paul has written extensively on the topic of deploying and harnessing Wi-Fi in his SMB Tech blog due to the pivotal role of wireless networking in BYOD (bring your own devices). Two recent blogs about wireless networking that you may want to read up on are Why it makes sense for SMBs to deploy 802.11n Wi-Fi and Upgrading your Wi-Fi network to 802.11n.
The number of financial institutions yet to implement proper two-factor authentication never fails to amaze Paul.
At a time when one can purchase automated off-the-shelf malware toolkits designed to circumvent certain two-factor implementations, SMBs should not even consider using the Internet banking facilities of a bank that doesn’t offer a second-factor passcode delivered using a hardware token or as a text message.
Check out his post on Three online banking tips for SMBs for more information on this front.
If you still have desktops that run Windows XP in your SMB, it is high time to plan for its retirement. The reason is simple: Windows XP will exit all support when it receives its final security update come April 8, 2014.
That’s less than 18 months from now, which isn’t a lot of time for figuring out how to replace those cryptic in-house applications that will only run on Windows XP and for which the original source code has long been lost. Even if that’s not the case, you should still consider retiring it, given its poor security features compared to Windows 7 and Windows 8.
Though Paul wishes there were some way to avoid having to install antivirus software, the simple fact is that endpoint anti-malware protection is essential to protecting desktops and laptops. This is especially pertinent for laptops, since they may be taken outside of the corporate network where they are exposed to greater dangers. Moreover, these laptops may also be used to access corporate assets, which mandate some minimal level of protection lest they become an unwitting conduit used by hackers to access the corporate network.
Fortunately, there are many antivirus software options out there, some of which may offer additional protection against data leakage or phishing attempts. Choose one from a relatively reputable vendor that fits your budget.
One of the top vectors for security attacks is through email messages, and they range from malicious attachments to URL links designed to lure users to a specially prepared exploit or phishing website. As such, it makes sense for SMBs to implement some form of malware scanner at the email server to deflect as many attacks as possible.
The availability of cloud-based email security services means that SMBs can obtain such protection at a small monthly cost. Moreover, setting this up usually requires nothing more than a small configuration change with your domain’s MX record. GFI MailEssentials Online is one such service, while businesses using Google Apps can sign on for Google’s Postini Services.
Advanced authentication schemes such as RADIUS do exist for Wi-Fi, though they are typically beyond the capabilities of small businesses to implement. The result is that most SMBs make do with WPA or WPA2 using a static passcode that is never changed. While this is fine in most cases, it is an “all or nothing” approach to Wi-Fi authentication that can be problematic when partners or guests visit.
A far better solution would be to set up a segregated network with a different SSID name for visitors. When configured to allow only Internet access, it lets SMBs offer hospitality to guests while maintaining the security of the corporate network. And if you’re not already using a business-grade Wi-Fi access point that is capable of more than one SSID, check out “Common Mistakes SMBs Make When Deploying Wi-Fi.”
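As an added example (not part of Paul Mah’s article), the following Python script checks a Linux hostapd-style access-point configuration against the Wi-Fi advice above: no WEP or open networks, no TKIP, passphrases of at least 20 characters, and a guest SSID that is not bridged onto the corporate LAN. The sample configuration, the SSID names, and the bridge name br-lan are constructed for illustration; the guest check assumes the corporate LAN is the bridge named in lan_bridge.

```python
"""Audit a hostapd.conf against the Wi-Fi hardening advice in the text."""

# Constructed sample: corporate BSS on WPA/TKIP with a short passphrase,
# guest BSS on WPA2/CCMP but bridged straight onto the corporate LAN (br-lan).
SAMPLE_CONF = """\
interface=wlan0
ssid=acme-corp
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=acme1234
bss=wlan0_1
ssid=acme-guest
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=welcome-to-acme-guest-network
bridge=br-lan
"""

def parse_hostapd(text):
    """Split a hostapd.conf into one dict per BSS; a 'bss=' line starts a new one."""
    bss_list, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "bss":
            bss_list.append(current)
            current = {"interface": value}
        current[key] = value
    bss_list.append(current)
    return bss_list

def audit_config(text, guest_ssids=frozenset(), lan_bridge="br-lan"):
    """Return a list of findings; an empty list means the config follows the advice."""
    findings = []
    for cfg in parse_hostapd(text):
        ssid = cfg.get("ssid", "?")
        if "wep_key0" in cfg or cfg.get("wpa", "0") == "0":
            findings.append(f"{ssid}: open or WEP network; trivially broken, use WPA2")
        ciphers = cfg.get("wpa_pairwise", "") + " " + cfg.get("rsn_pairwise", "")
        if "TKIP" in ciphers:
            findings.append(f"{ssid}: TKIP enabled; use AES (CCMP) only")
        if "wpa_passphrase" in cfg and len(cfg["wpa_passphrase"]) < 20:
            findings.append(f"{ssid}: passphrase is {len(cfg['wpa_passphrase'])} chars; use at least 20")
        if ssid in guest_ssids and cfg.get("bridge") == lan_bridge:
            findings.append(f"{ssid}: guest SSID bridged to the LAN; allow Internet access only")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONF, guest_ssids={"acme-guest"}):
        print(finding)
```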