When you think cyber security for your business you need to think about having multi-layers of software and hardware security.
The first line of defense is your staff. Make sure they are trained to spot SPAM, phishing attempts, and malicious websites. Next, make sure they are trained what to do when they get SPAM, phishing email, or happen upon a malicious website. The answer is: don't click on anything, get out of there! Finally, make sure they know what to do if they think they got infected. Answer: turn off their computer, unplug it from the network, and then call their IT guy/gal/support.
The next line of defense is your firewall. There are a number of great firewalls in the market but we like Sonicwalls. You will need to pay an annual subscription for some of the services but it's worth it. Don't forget that your firewall has "software" and needs to be updated frequently so any security holes get patched.
Anti-virus software should be installed on every PC and some of your servers (virtual machines).
The above is usually enough to keep you secure but if you want to go even further to protect your business there are other software packages that can be installed to monitor and stop network traffic that is malicious.
When it comes to my data I always say…someone can steal my computer but please just leave me my data. That's how important data is and that's how important data backups should be to you. Take a minute and imagine just one important file or database is missing or corrupt or maybe you accidentally deleted it. How would that affect your business?
A data backup (almost) horror story: A couple of years ago, an employee of one of our clients introduced a "crypto locker" virus to the network (i.e. she brought a flash drive with documents to work that she worked on elsewhere, plugged it in to the network, opened a file to continue working on it, and introduced a virus). The virus immediately went to all shared drives that were mapped to the user's PC and encrypted all files on her computer and the shared files. Any file with a PDF and Office document extension were locked and required paying a ransom to unlock.
The happy ending to that story is that we had backups of all of the files from the prior night. After cleaning the PC and server and restoring the files, everything went back to normal.
What is the "best practice" for backups?
The short answer is you need to have, at a bare minimum, one on-site and one off-site backup. We don't think this is enough, however. Depending on the environment, you may even want to have a server "copied" on another server, and/or files synced to a separate location. Redundancy and redundancy are the key!
Types of backups:
On your computer - you copy and paste files making backups
On a USB drive connected to your computer
On a NAS device (networked storage device)
Off-Site (or "Cloud") Backups
Own off-site backups
More articles coming soon...
Please come back soon. We will be adding more articles each month.