IT Security for small businesses

Following the basic steps creates reliable and more secure IT

The five core Functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) are the foundation for IT security. Building your infrastructure on this foundation creates a more secure and highly available network.
NIST Cybersecurity Framework: the five core Functions

I am asked constantly about IT security and minimum things companies should be doing to secure their business. It isn’t as complicated as most think.

Most companies seem overwhelmed by IT and hesitate to do anything at all. The reality is that starting with these five things will put you on the road to building a secure foundation. Let me be clear, these are baby steps and a place to start...

The first five things a company must do to create a reliable and secure IT infrastructure are: have a plan, document what you have, use strong passwords, patch your systems quickly, and back up your data. Let's explore these in more detail.

IT Infrastructure plan – builds the foundation of great IT Support and IT Security

Knowing where you want to go is probably the most difficult task for most companies. IT is typically an afterthought and only becomes an issue when a company grows beyond 6 – 10 employees.

Having a foundational plan for how your IT should work when your business is running the way you expect is essential. Are you going to buy employees laptops or allow them to use their own? What resources will you need? File sharing? Will files be hosted on a server in the office or in the cloud? What tool(s) will you use to manage your finances, and where is that hosted? Are you using Microsoft Office 365 for email? What social media will you use, and what is the purpose of your websites? Where does IT security fit into your company? Who has access to your company resources? What is the proper way for employees to use company resources? These are just some of the things that are important to plan properly for your IT department.

Documentation is very important to reducing the complexity of IT support

Documenting what assets you have, how those assets are configured, how they are managed and who manages each piece are just a couple of examples of mandatory documentation. Set standards, document them, and make sure they are being followed.

Password Policies are one of the best ways to secure your business IT

The biggest mistake still being made today is using weak passwords. Everyone has been told for ten years or more to use strong passwords: long, and different for every account. Store them safely; we suggest a password vault such as Bitwarden or LastPass. Weak passwords make it easy for criminals to damage a business. Here is a great example of a weak password (password123) causing irreparable damage.

The other mandatory part of password security is multi-factor authentication (MFA). With MFA enabled, a password that is guessed, phished or leaked is not enough on its own to log in. Password vaults make it easy to create, store and manage strong passwords, and most can also generate the MFA codes (TOTP) for your accounts. One caveat: keeping the MFA seed in the same vault as the password means a compromised vault gives up both factors, so protect the vault itself with a strong master password and its own MFA. There is no reason to have poor passwords.

Patching your systems regularly is another incredibly important step for great IT

Vulnerabilities in systems and software are announced daily, and security patches for them are normally released quickly. The notification on your iPhone telling you the software needs updating is one example. Having a system in place to patch the operating systems and all of the software used in your business, and to confirm that the patches were actually applied, greatly improves security.
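The documentation step and the patching step meet in the asset inventory: once every device is recorded with its OS, build and last patch date, a patch-status report is a short script. The following is an added example, not from the page; the inventory records, the "current build" values and the 14-day patch window are all constructed or assumed, and version strings are assumed to be dot-separated numbers.

```python
from datetime import date

# Added example, not from the page: a patch-status report driven by the asset
# inventory that the documentation step produces. Every value below is
# constructed or assumed for illustration.

# Constructed inventory records, one per device.
INVENTORY = [
    {"host": "fin-laptop-01", "os": "Windows 11",   "version": "22631.4037", "last_patched": "2024-08-28"},
    {"host": "hr-desktop-02", "os": "Windows 11",   "version": "22631.4169", "last_patched": "2024-08-29"},
    {"host": "file-srv-01",   "os": "Ubuntu 22.04", "version": "22.04.4",    "last_patched": "2024-07-10"},
    {"host": "old-nas",       "os": "QTS 4.3",      "version": "4.3.6",      "last_patched": "2023-11-02"},
]

# Assumed current builds per OS, as you would record them from vendor release notes.
LATEST = {"Windows 11": "22631.4169", "Ubuntu 22.04": "22.04.4"}

MAX_PATCH_AGE_DAYS = 14  # assumed policy: every device patched at least every two weeks


def parse_version(text: str) -> tuple:
    """'22631.4037' -> (22631, 4037). Tuples compare numerically per component,
    so '22631.999' correctly sorts below '22631.4169' (string comparison would not)."""
    return tuple(int(part) for part in text.split("."))


def patch_report(inventory: list, latest: dict, today: date, max_age_days: int) -> list:
    """Return one finding per non-compliant device, each with a list of reasons."""
    findings = []
    for asset in inventory:
        reasons = []
        baseline = latest.get(asset["os"])
        if baseline is None:
            # An OS with no documented baseline is usually unsupported or forgotten.
            reasons.append("no known baseline for this OS (unsupported or undocumented)")
        elif parse_version(asset["version"]) < parse_version(baseline):
            reasons.append(f"behind current build {baseline}")
        age = (today - date.fromisoformat(asset["last_patched"])).days
        if age > max_age_days:
            reasons.append(f"last patched {age} days ago")
        if reasons:
            findings.append({"host": asset["host"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in patch_report(INVENTORY, LATEST, date.today(), MAX_PATCH_AGE_DAYS):
        print(finding["host"] + ": " + "; ".join(finding["reasons"]))
```

Run on a schedule, this report turns "we patch regularly" into a list of specific hosts to fix, and the "no known baseline" case surfaces the devices that were never documented in the first place.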

Data backups that are tested and available are incredibly important for any business

The last line of defense in your business IT security is reliable backups. Think of them as the safety net below the trapeze artists. Backups have to be available to recover your business in an emergency, and a backup that has never been restored is an assumption, not a safety net. A data storage policy is the foundation for any backup / disaster recovery / business continuity plan: what data you have, where it is supposed to be stored and who has access to it all need to be understood and controlled before an effective backup plan can be implemented. Backups need to be tested often, by actually restoring them!
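What "testing a backup" means in practice is restoring it somewhere harmless and checking that every file came back intact. The script below is an added example, not the page's or any backup product's code: it archives a folder with a SHA-256 manifest, restores the archive into scratch space, and compares every file against the manifest. The sample share, file names and contents are constructed.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path

# Added example, not from the page: back up a folder to a compressed archive with a
# SHA-256 manifest, then prove the backup is usable by restoring it to scratch space
# and checking every file. The sample files and paths are constructed.


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_backup(source: Path, archive: Path) -> dict:
    """Archive every file under `source`; return {relative path: sha256} and save it beside the archive."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(source.rglob("*")):
            if path.is_file():
                rel = path.relative_to(source).as_posix()
                manifest[rel] = sha256_file(path)
                tar.add(path, arcname=rel)
    Path(str(archive) + ".manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_restore(archive: Path, manifest: dict) -> list:
    """Restore into a throwaway directory and return a list of problems (empty list = pass)."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar.getmembers():
                # Refuse entries that could write outside the restore directory.
                if member.name.startswith("/") or ".." in Path(member.name).parts or not member.isfile():
                    problems.append(f"unsafe or non-file entry: {member.name}")
                    continue
                try:
                    tar.extract(member, root, filter="data")  # hardened extraction where available
                except TypeError:  # older Python without the `filter` argument
                    tar.extract(member, root)
        for rel, expected in manifest.items():
            restored = root / rel
            if not restored.is_file():
                problems.append(f"missing after restore: {rel}")
            elif sha256_file(restored) != expected:
                problems.append(f"hash mismatch: {rel}")
    return problems


def run_demo() -> dict:
    """Build a small constructed file share, back it up, and run the restore test twice:
    once against the real manifest and once against a manifest with a wrong hash,
    which is what a stale or tampered backup looks like to the test."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        share = work / "shared"
        (share / "finance").mkdir(parents=True)
        (share / "finance" / "ledger.csv").write_text("date,amount\n2024-01-02,100\n")
        (share / "notes.txt").write_text("constructed sample data\n")
        (share / "policy.md").write_text("# Data storage policy\n")
        archive = work / "shared-backup.tar.gz"
        manifest = create_backup(share, archive)
        stale = dict(manifest)
        stale["notes.txt"] = "0" * 64  # pretend the file changed after the backup was taken
        return {"files": len(manifest),
                "clean": verify_restore(archive, manifest),
                "stale": verify_restore(archive, stale)}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The restore test deliberately refuses archive entries with absolute paths or ".." components, because a backup you restore blindly is also a way for a tampered archive to overwrite files outside the restore directory. Keep the manifest with the backup copy, and schedule the restore check rather than running it once.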

These steps can seem easy or overwhelming…

We are here as a resource to help businesses with IT through the business lifecycle. The businesses we support understand that they don't want to handle IT themselves; it is easier to let someone experienced handle IT so they can focus on running their business. An IT partner who measures against what great looks like is constantly looking for ways to make their businesses run more efficiently. Having an IT department that holds regularly scheduled meetings to ensure IT is working for you makes more sense than reinventing the wheel.

For those businesses that want to take these steps themselves, we are happy to get you going in the right direction. We have documented processes that we are willing to share to help you secure your business.

Please reach out to us and let us know how we are able to help your company.

Next steps... Again, these are just a few basic steps in building an IT foundation and the start of an IT security plan.

We recommend and use foundational standards like the NIST Cybersecurity Framework or the CIS Critical Security Controls (18 controls in version 8). These standards identify the most important parts of building out your foundation; use them to measure your improvements. They will also help you meet most regulatory compliance requirements and the ever-tightening requirements for maintaining cyber insurance.