Skip to main content

Five regular checks for SMBs

Five regular checks for SMBs

By- Aarti Jatan

Five things that, if neglected, can cost SMBs dearly.

It is not always economically viable for small and medium-size businesses to maintain a dedicated IT security team, so it often happens that one person is in charge of monitoring the entire infrastructure. Sometimes he or she is not even a permanent, full-time employee.

Sure, a good administrator can do a lot, but even a pro might miss something, particularly if issues are mounting and time is short. So, it’s worth establishing a few habits. Here are our Top 5 regular checks.

Renew the corporate site security certificate

Any website that requests or processes user data must have an SSL certificate. It protects information entered by visitors from being intercepted, and almost all modern browsers warn users that sites without an SSL certificate are insecure. That can scare off potential customers.

Your website most likely has an SSL certificate, but its validity period is limited. Depending on the certification authority, it will need to be reissued every three, six, or twelve months. Therefore, we recommend setting a reminder in your calendar about certificate renewal.

Update router firmware

The older the software, the more likely it is to contain vulnerabilities, so it’s critical to keep all software up to date. Workstation operating systems and applications themselves usually notify users when updates become available to install. But if you’re still worried about missing an important patch, use our corporate products, which contain an entire subsystem for tracking fresh vulnerabilities and fixes for them.

That said, it is not only employees’ computers that need updates. Routers also have built-in software — firmware — which over time likewise becomes outdated and vulnerable. Cybercriminals can then exploit the old firmware to infiltrate the corporate network. Unlike software on workstations, SOHO routers generally do not send notifications when the firmware is out of date, so updates have to be done manually.

Therefore, it’s important to inventory all corporate network equipment, and at least every couple of months check the administration console to see if a new version of the router firmware has appeared. If the console has no function to check for updates, you need to do it yourself on the manufacturer’s website. And if some devices are outdated and no longer supported, you should think about replacing them; vulnerabilities in such models will remain unpatched forever.

Revoke unnecessary rights

A dismissed employee can cause all kinds of trouble if their accounts and access to the corporate network are not closed in time. Cyberrevenge against former employers is real. To avoid a similar situation, make it a rule to revoke all access rights immediately after dismissal.

In addition, regularly audit all accounts and their permissions. It can happen that a person remains in the company but moves, say, to another department, where they no longer need some access rights but no one remembered to revoke them. Any unnecessary privileges can prove costly in the event of a cyberattack.

Back up

Backing up your data helps protect it from wipers, ransomware, careless employees, and other hazards. You can back up manually, but it’s better to schedule an automatic backup so as not to clutter your calendar with reminders.

That said, even if your company’s backups are automated, you should periodically check your data storage. Are the backup programs running smoothly? Is the storage address correct, or did someone sneakily change it? Do you have enough space for all of the data? Are the storage devices acting up? Modern data storage devices use S.M.A.R.T. technology to diagnose their own problems and predict how long they will survive. The technology analyzes the status of disks and reports issues.

If you store backups in the cloud, check the settings periodically and buy additional space before you need it.

Update antivirus licenses on servers

Security software on workstations and mobile devices won’t let you forget about subscription renewal. But don’t forget about servers. An unprotected server can cause a range of problems — from data leakage to hosting malicious resources in your infrastructure to turning your office into a cryptofarm.  Set a repeating reminder in your calendar to update server protection.

Your company’s security is in your hands

When it comes to security, the more regular and thorough the checks are, the better. To avoid serious issues:

  • Update software regularly, including router and other network device firmware;
  • Keep an eye on the expiration date of security certificates and security software licenses;
  • Make backup copies of data, and if your company automates the process, periodically check that it is being done correctly;
  • Revoke access permissions from employees as soon as they are no longer required;
  • Use security solutions to help monitor the health and status of your corporate infrastructure.

Comments

Post a Comment

Popular posts from this blog

How to secure PayPal

How to secure PayPal By- Aarti Jatan Your online finances need proper protection. Learn how to secure your PayPal account. With hundreds of millions of users around the world, PayPal has long been an international leader in the electronic payments industry. But as we know, money never fails to attract fraud, especially now, with as much of life as possible taking place online. Here is what you need to do to stay safe when sending or receiving money through PayPal. How secure is PayPal? As a matter of fact, PayPal is quite a reliable platform that maintains a high level of security — and keeps improving it. Thus, the company has an official program deploying white hat hackers to unearth vulnerabilities (the so-called bug bounty), under which it has already paid out almost $4 million since 2018. The program also covers several other services owned by PayPal, such as Venmo. PayPal also treats its users’ data responsibly: It did have one reliably reported leak, in 2017, but the leak invol...
Post a Comment
Read more

Woman dies during a Ransomware attack on a German hospital

Woman dies during a Ransomware attack on a German hospital It could be the first death directly linked to a cybersecurity attack A woman in Germany died during a ransomware attack on the Duesseldorf University Hospital, in what may be the first death directly linked to a cyberattack on a hospital. The hospital couldn’t accept emergency patients because of the attack, and the woman was sent to a health care facility around 20 miles away, the Associated Press reported. The cyberattack was not intended for the hospital, according to a report from the German news outlet RTL. The ransom note was addressed to a nearby university. The attackers stopped the attack after authorities told them it had actually shut down a hospital. Health care facilities are one of the biggest targets for cyberattacks, and cybersecurity experts have warned for years that most hospitals aren’t prepared . They rely heavily on devices, like radiology equipment, that are often connected to the internet. Without those...
Post a Comment
Read more

10 tips for Zoom security and privacy

10 tips for Zoom security and privacy By- Aarti Jatan Gain full control over your Zoom video conferences, family gatherings, and online bar crawls . With social distancing and quarantine measures implemented around the globe, people quickly started searching for effective means of communicating with each other. With its reported ease of use and attractive pricing, Zoom quickly rose in popularity — and people quickly figured out that Zoom’s developers weren’t fully prepared for the level of scrutiny it would receive. With so much use, Zoom’s flaws came rapidly to light. The company handled the tremendous increase of workload seamlessly and quickly reacted to security researchers’ discoveries. However, just like with each and every service, code updates will not address every complaint, but some issues are very much worth keeping in mind. So, here we offer 10 security and privacy tips for Zoom users. 1. Protect your account A Zoom account is just another account, and in setting yours up,...
Post a Comment
Read more