Common IT Security Risks for Small Business (and how Ventura Tech can help…)

At Ventura Tech we consider IT security one of the most, if not the most critical aspects of an IT environment.  The following list highlights some of the more common risks a small business can face along with ways to mitigate them, and how Ventura Tech can help.

1. Employee Mistakes

The biggest security risk for a small business is likely careless or uniformed employees who use simple passwords, visit unauthorized websites, click on suspicious emails, or forget an unlocked iPhone somewhere.

A basic but important way to minimize employee mistakes is through training.  Employers should teach and remind employees the best practices for keeping data secure:

  • Require strong passwords.
  • Do not use the same password for multiple users.
  • Make employees change passwords on a regular basis.   
  • Avoid sharing or emailing passwords.
  • Avoid using common or obvious phrases such as birthdays, family names, or a pet’s name.
  • Be sure users enable auto locking mechanisms on every device.  

Although this list seems obvious, many companies fail to take these basic precautions.

On the technology front, small businesses should take advantage of solutions that help enforce user access security, like 2-step verification. An antivirus client should be running on every system and scans should be run routinely.  Consider technologies that provide protection beyond antivirus software.  For example, Ventura Tech works with OpenDNS to provide phishing protection and content filtering which can minimize damage when an employee visits a risky website or clicks a questionable link.  And for the sake of data continuity, critical data should be stored on company file servers with a backup solution in place.

2. Disgruntled Employees

Admittedly it’s difficult to prevent an intentional malicious attack from a rogue employee but there are some steps an organization can take.   Thorough vetting of employees prior to hiring like background and reference checks are a good place to start.   Once an employee is onboard, strong legal protections should be in place as a deterrent for malicious behavior.   And finally, access to privileged accounts should be monitored, controlled and managed to prevent exploitation.

3. Mobile Devices (Bring Your Own Device)

Data is more vulnerable with mobile devices, particularly personal devices, that have access secure company information.  They are easy to steal or lose and unless precautions are taken, an unauthorized person can gain access to information either stored on or accessed through them.

An organization should have a solid BYOD policy in place, where employees are educated on mobile device expectations and security policies.  Again secure passwords should be used, auto-lock should be enabled, and apps should be up to date.   Jailbreaking devices should not be allowed because they remove manufacturer’s protections against malware.  If possible, include a policy to allow monitoring of company email and documents that are being downloaded to the devices.  There are technology solutions by companies like AirWatch (a VMware company), that help protect corporate data while respecting user privacy through techniques like “containerization”, which separates business applications and data in an encrypted zone on a user’s device.

4. Cloud Applications

When data is stored in the cloud, make sure strong encryption is in place to prevent any third party from accessing it.  For example, for cloud backup solutions, Ventura Tech often recommends CrashPlan from Code42, which offers 448-bit encryption and a private key option.

5. Unpatched Devices

When devices like routers, or servers, or printers have outdated software and/or firmware, they can become vulnerable.  For example, Windows 2003 is no longer supported by Microsoft which means updated security patches are no longer provided. As a result, there are many vulnerable servers out there running Windows 2003.  A small business should be running supported software and a patch management program should be in place to help ensure devices and software are up to date at all times.

Ventura Tech can help implement some of these strategies to mitigate security risks.  Ventura Tech can help by providing content for employee training material to teach common security practices like the importance of using strong passwords and avoiding suspect websites and emails.  We also can help set up and monitor data access levels across an organization to be sure the only the right people have access to critical data.

On the technology side, Ventura Tech can beef up security of a client’s IT environment by setting up 2 step verification systems, enabling auto-lock features on hardware, and deploying OpenDNS for the office environment.  When considering cloud based solutions, Ventura Tech can help identify the most reliable and secure solutions.  Finally, Ventura Tech has a patch management system solution in place, which tracks and installs patches automatically so that everything is up to date. 

If you are a small business and interested in enhancing your IT security, contact Ventura Tech today!