logo [vc_empty_space height="38px"]

Select Sidearea

[vc_empty_space height="18px"] Populate the sidearea with useful widgets. It’s simple to add images, categories, latest post, social media icon links, tag clouds, and more. [vc_empty_space height="31px"] [vc_empty_space height="26px"]

The 11-Point IT Security Checklist for Small Businesses

Follow Us on Social Media!

BGiant data breaches at giant corporations make headlines just about every month. But small businesses have become the favorite target of hackers. Fight back: Defend your small business’s IT network by following our annual 11-point IT security checklist.

Maybe you saw the news a couple of months ago about Hennepin County’s email system being hacked and thought, “That’s a huge organization — my business is too small for hackers to bother with.” Trust me, hackers welcome that kind of thinking.

According to Verizon’s 2018 Data Breach Investigations Report, 58% of the organizations victimized by data breaches in 2017 were small businesses. And it’s easy to see why: Most small businesses don’t have the security resources and/or expertise of large organizations, so they’re more vulnerable.

Here’s more from the Verizon report that is significant for small business owners:

Verizon Report

Over the years of working with our clients, TechGen has put together the following IT security checklist. Some of this you may find overly techy. Whether you have in-house IT staff or an outside IT security specialist help you, the following issues should be addressed at least once per year.

Protect Your Small Business With These IT Security Best Practices

1. Scan network firewall and update security subscriptions

Basically, a firewall is a set of rules that dictate which types of traffic will be allowed into and out of your network.

2. Review user accounts and security groups

Hackers gain access to networks through inactive accounts, often finding them by searching LinkedIn or other social networks to find people who have recently left organizations.

3. Run domain name system (DNS) lookup

The DNS is something like the Web’s phone book, storing information about IP addresses and domain names.

4. Activate group policy lockout

A “brute-force” login is an attack in which a hacker tries repeated combinations for user IDs and passwords to get onto your network. Certain tools help attackers use multiple ID/password combinations in quick succession.

5. Enable two-factor authentication (2FA) wherever possible

2FA adds a second layer of security to passwords, to make it more difficult for attackers to gain access to a network or a device. For example, in addition to entering a password on a laptop, a user is required to enter a code that’s texted to the user’s cellphone, or provided by an app.

6. Review/replace vulnerable legacy software and hardware

Older software and hardware are more vulnerable to security breaches than newer stuff. A typical setup is an old desktop PC running Windows XP running an old version of Adobe that you keep solely to run a printer.

7. Activate Windows 10 BitLocker

Encrypting your users’ PC hard drives protects their contents if stolen or lost. It also helps fully erase data from hardware that you’re getting rid of.

8. Check your data backup

This may be the most critical security measure, because if everything else fails, you’ll be able to scrub your network and devices and re-install your data. Be able to answer “yes” to these questions:

9. Install business-grade endpoint security software

Every desktop, laptop, and mobile device your employees use to connect to your network is an “endpoint” -- and a potential security risk.

10. Conduct security awareness training and testing

Keeping your business’s network and data secure is as much about people as it is about controls, settings and processes.

11. Establish and enforce password policy

Password habits die hard, so weak passwords remain a primary security risk. Hackers know all of the tricks for creating easily memorized passwords, like using a row or column of keys on a keyboard. And they have software that finds these passwords in no time.

Use the IT Security Checklist for Small Businesses yourself or with a qualified outside expert.

How to Use This IT Security Checklist: Next Steps

Tech people. We do love checklists, don’t we? But in this case, I’m not expecting you to go through this list and check off each item as you knock down each item, badda bing badda boom. Here’s what you can do with this information:

If you know what you’re doing, get these actions on a calendar now.

If you or an internal IT staffer has the ability and administrative access to take care of these items, or some of them, put a due date on your calendar now for each item you plan to address.

Hire an outside firm to handle what you can’t

If you don’t have the knowledge or resources to address any of this, consider getting a professional IT security audit. You can use the checklist as a guide to see if the auditors address each of these areas. Or if you have an IT support firm already in place, hand off this IT security checklist and let ‘em at it.

Stay vigilant

Perhaps the most important to-do for the checklist is to update it regularly. Computer technology and fraud threats change rapidly — your IT security program needs to evolve with them.

Your small business doesn’t have to be a pushover for cyber criminals. They’re just like many other kinds of thieves: If you put some basic protections in place, they’ll move on easier targets.

Let's Chat! Contact Us Today.

Fill out the form below and one of our IT experts will be in touch with you shortly to discuss all your IT needs.

Share This Article With a Friend!