In the ever-changing world of technology in which we live, we are constantly faced with an equally changing risk of threats. Whether these threats come in the form of a phishing email telling you there’s a million dollars in an African trust fund, or in the form of a server crash – threats are real. Hopefully you’re part of the lucky group of people who’ve yet to experience a crash (knock on wood!).
With that being said, I spoke to some of our technicians at MicroAge, and together we came up with a list of the top 10 risks they see, and what you can do to help minimize them!
- Backup of virtual server: virtual copies of all your files in case the physical server crashes
- Disaster recovery plan: have you set aside time to run a simulation to ensure your recovery will work?
- What are your recovery choke points? What can be done to lessen the time it takes to recover?
- Do you have the appropriate server space (at least 50%) to perform a recovery?
- What is your password policy? Do you change your passwords every 3 months? Are they strong?
- Do you have a high-caliber router/firewall? (This is your first line of defense.)
- Do you have anti-virus/ransomware protection?
- Are your email servers protected? Do they have proper encryption? Most communication is done via email, so in the event of a crash, a major line of communication is at risk.
- What is your USB policy? Do you allow outside USB devices to be connected to computers on your network? Are your USB ports shut down?
- Do you use mobile debit terminals? Are they encrypted?
- Are employee laptops properly protected? If you have remote workers, any network they connect to can affect their device, and then affect your network.
- Employee cellphones? Are they secure? Password protected? Do you track them via GPS in the event they are lost/stolen?
- Do you have remote access to wipe data in the event they are lost/stolen?
- GDPR compliant? GDPR affects anyone storing sensitive data about anyone in an EU member state, putting most larger Canadian companies on the hook. It carries the strongest requirements that we have yet seen, raising the bar for Canadian companies. (More info here about Canadian compliance)
- PCI compliant? The Payment Card Industry Data Security Standard applies to companies of any size that accept credit card payments (More info here about PCI compliance)
6. Outdated tech
- Have you budgeted for an equipment refresh every 5 years? Threats change every day, and we need to stay up-to-date to ensure protection
- Are your systems updated? Patch, antivirus, etc.?
- Have you budgeted for server expansion? Company expansion? New hires, new workstations, etc.?
- How long can your servers be down before you lose too much money?
- How much does downtime cost you?
- What is your plan to keep things moving while your main servers are down?
8. End user training
- Have you trained employees on proper usage of devices/internet safety?
- Malicious emails and phishing links can be disguised to look like legitimate emails. Are your employees knowledgeable on how to recognize these threats?
9. Outside breach
- What is your plan in the event of a security breach?
- Do you know how to recognize when you’ve been breached?
- What steps have you taken to reduce the risk of a breach? (Training, security, antivirus, etc.)
- The internet poses the biggest risk to any business
- Is your network properly protected? Have you taken the appropriate measures to ensure risk is properly mitigated?
- Do you and your staff know how to recognize threats?
- What is your plan in the event of internet outage? Is your business operating via a single point of failure?
MicroAge is a full-service IT firm, specializing in helping businesses maximize IT investments and increase productivity. Feel free to reach out to me with any questions about what you see here. I’m more than happy to help!