Have You Implemented These Security Best Practices?
If your business hasn’t put protections in place for your technology infrastructure, that needs to be moved to the top of your to-do list, yesterday. It isn’t as though the increasing number of threats are going to avoid you until your network is prepared to deflect them. Therefore, you need to take action now. To help, we’ll review some of the most important security considerations to make for your organization.
Tip of the Week: Why You Should Reconsider Your Best Practices
The term “best practice” has been used by businesses for years to describe the optimal way of performing a particular task. However, before fully adopting them into business operations, it is important for these practices to be examined and deemed to be beneficial to an individual company’s circumstances. If they are not, a company risks much by adopting a misplaced best practice.
The major problem is that “best practices,” while useful if applied properly, is a term that has largely become a buzzword for businesses to use in their communications. This is dangerous, as there is a lot put at stake based on the term “best practice” alone. Therefore, it is crucial that so-called best practices are reviewed and examined before a business puts strategies based on these practices into place.
This was the argument made by Professor Freek Vermeulen in his recent book, Breaking Bad Habits: Defy Industry Norms and Reinvigorate Your Business. An interview with the Harvard Business Review allowed him to discuss the phenomenon further.
To provide an example of how best practices may not always be of a business’ best interest to follow, Vermeulen discussed a South African bank called Capitec and how they relied on reverse benchmarking to identify how to become an outlier in their industry.
The practice of reverse benchmarking can be summed up as the process of examining how one’s industry typically operates in order to identity weak spots in accepted practices and improve internal business operations. This can often lead to the abandonment of what is considered the status quo, if not heavily modifying it.
Capitec’s examinations revealed that other banks in South Africa had a tendency to close at four o’clock in the afternoon. To abandon this status quo, industry-standard practice, Capitec not only extended their hours to enable those who worked during the day to see to their banking needs once their work day was over, they even implemented Saturday hours in many of their branches. As a result, Capitec has since carved out a healthy market share for themselves.
This account is just one example that shows how what is standard practice might not be what is best for the business following it. However, many businesses give some push back when directly asked why they follow the practices they follow. These businesses often will respond with some statement that essentially says “this is what is comfortable” or “this is how it has always been done.” These answers are a good sign that, according to Vermeulen, an organization needs to run a self-audit to determine if they are enacting practices because they benefit the organization, or if they are simply resisting change.
Furthermore, there is the risk inherent in assuming that something that made a business successful is automatically a best practice. As Vermeulen mentioned in his interview, many companies who have reached the top may have simply been lucky as they enacted risk-laden strategies, and most of the companies who tried similar strategies have long since failed and been forgotten.
Of course, changing established practices and patterns is not easy for businesses to do. Vermeulen notes this, stating that many companies will hold out until they have no choice but to make a change. This is usually done at the point where their profits and productivity take a hit. However, waiting until this point often makes change more difficult for these companies. According to Vermeulen, the key to avoiding unnecessary difficulty is simple: “Be proactive.”
By taking the opportunity to audit your business practices before your company is stuck in a life or death situation, you can more clearly see where your company is weakest. Better yet, you will be able to remedy these weaknesses before your company is at risk.
Catalyst Technology Group can help you evaluate your IT solutions to ensure that they are not contributing to any weaknesses that your company may suffer from. Call us at (317) 705-0333 for more information.
Best Practices for Data Backup and Disaster Recovery
Have you considered the process in which your organization takes data backups and restores them following an emergency? The value of data backup and fast recovery can’t be ignored. Unless you take proper precautions, you could potentially face a situation that threatens the very existence of your business.
To emphasize the importance disaster recovery, consider this example. If your office were to catch fire due to an electrical problem, your legacy could erupt in flames alongside it. Even if you evacuate the building and save your employees, your technology will suffer and burn with the building. Some networking components might survive, but you’ll be lucky if anything can be salvaged from an event like this. This is why every business needs a data backup system in place.
Natural disasters, like floods, hurricanes, and thunderstorms can all cause problems for you as well. Therefore, you need to take care with how you manage your technology and your data. Even the slightest mistake could lead to large amounts of data loss. Therefore, the question of whether you will suffer from some sort of disaster isn’t if it will happen, but when it will happen. You need to take measures now to avoid suffering from disasters in the future.
Many organizations that have considered data backup and disaster recovery may not have the most optimal solutions implemented. If anything, they will have magnetic tape backup, which has long been considered the industry standard. Unfortunately, the many flaws prevalent in tape backup make it unappealing for SMBs. Since they are so resource-intensive, they must be performed after hours, and only one backup can be taken during the workday. This means that you could lose up to 24 hours worth of data in the event of a disaster–not exactly the ideal way to manage disaster recovery.
Plus, since some organizations will keep their tape backups located on-site or on their in-house infrastructure for convenience, a fire could simply destroy them along with the rest of your assets. A hacking attack could also target any digital backup files stored on your infrastructure, placing them at risk of corruption or theft. Naturally, the best way to handle data backup storage is to store them offsite, but this can complicate the actual disaster recovery process. What is the ideal way to store data while also allowing for great recovery time?
One way to solve these issues is to reach out to Catalyst Technology Group and ask us about our cloud-based backup and disaster recovery (BDR) solution. Since BDR takes smaller backups as often as every 15 minutes, your data loss is significantly reduced, if not mitigated completely. BDR only takes backups of files that have changed since the last time a backup was taken, ensuring redundancy without causing trouble for operations. The possibility of user error is also eliminated, as the backups happen automatically rather than manually. Your data will then be sent to a secure offsite data center for storage until the day you will inevitably need it. The data is then recovered via an Internet connection directly to the BDR device until you’ve found a replacement server unit to fulfill the role. It’s just one way that enterprise-level technology can help your SMB thrive.
To learn more about data backup and recovery, reach out to us at (317) 705-0333.
Tip of the Week: 11 Security Best Practices Every User Should Know
You might spend a significant amount of time thinking about your business’s security practices, but the same can’t be said for your organization’s employees. Unless you give them a reason to care about security, they likely won’t. The resulting apathy could eventually become serious problems that could hinder operations in the long run, or worse, expose your business to threats that could put your employees and your clients in danger.
In order to keep these instances to a minimum, consult the following cheat sheet. This will give your employees a great way to follow critical best practices.
Essential Cybersecurity Considerations
- Use the company’s network to store files: Always store your organization’s data on an in-house network. This is because any files stored locally on your desktop might not get backed up. Do not use personal cloud accounts, like Google Drive or Dropbox, to save or share company-owned documents.
- Never leave your workstation unlocked and unattended: Always lock your computer using the Windows Key + L shortcut before stepping away from it, even if only for a moment.
- Don’t connect unknown devices to your work PC: This is especially important for small devices like USB drives. You never know what could be on them.
- Don’t download or install applications without approval: If you download an app without permission from IT or a network administrator, you could cause problems for other employees. Always ask for permission before downloading or installing software.
- Don’t respond to unsolicited or suspicious emails: If you receive a message that has an unknown or unfamiliar sender, it could contain malicious ransomware or other nasty threats. Be sure to notify IT immediately so that they can investigate the issue. Be especially cautious around unsolicited proposals or resumes.
- Don’t accept support from unexpected callers: If you receive a phone call from someone claiming to be from Microsoft support (or other well-known companies), just hang up. These callers are often fraudsters hoping to remote into your PC and access company information.
- Adhere to password best practices: Keep your passwords strong and complex at all times, and never use the same password more than once.
- Get approval for mobile devices from your manager: Don’t use your smartphone, tablet, or laptop for work purposes until you’ve been granted approval. This is to keep company data as secure as possible.
- If you see someone, tell someone: If you think that something is out of the ordinary, like an intruder in the workplace, be sure to alert management. Visitors should not be allowed to roam around the office unattended.
- Think twice before clicking: If you’ve received a link in any correspondence, you should avoid clicking on it until you’re sure it’s from a trusted source. Links can often be considered cyber threats, especially those that are in spam messages.
- Report issues as soon as they appear: If you experience something that seems troublesome, report the issue to management immediately. Proactive vigilance is the best way to prevent downtime, and it only serves to make your job easier.
Print this list out and hand it off to any employees who could use training on security best practices.
Keeping the business secure isn’t just your responsibility–everyone should be involved in the process. By following this list of best practices, you stand to protect your business against threats that could harm operations. To learn more about how to secure your business, including external technology solutions that prevent issues from transforming into major problems, reach out to us at (317) 705-0333.