4 steps to build a strong security foundation

July 6, 2018 | 4 minutes read



If you’re a small or midsize business IT manager, you may spend a lot of sleepless nights worrying about the evolving challenges of cybersecurity and IT asset management. As you toss and turn, you might contemplate the potential damage today’s more sophisticated security breaches could wreak on your business. You wonder if—even with detection and prevention mechanisms in place—there are cracks in your security foundation that could contribute to financial losses, compromised customer information, or even business collapse.

Even though you don’t have the capital and resources of a larger business, you know the likelihood of your business being victimized by a hack is still alarmingly high. On top of that, you can’t afford to ignore new threats. Fortunately, you can take proactive measures to ensure your security foundation is shored up and ready to fend off potential threats.

1. Go back to the security basics

When strengthening your security foundation, don’t overlook the well-known, nonnegotiable security basics. Today’s cybercriminals are more sophisticated than ever, so don’t be lulled into thinking any part of your IT environment can be left unsecured. Firewalls must be flexible and designed to secure both wireless and wire-based access points, while anti-malware tools should be installed on every single endpoint and server—even the ones you don’t think are likely to be attacked.

Case in point: your printers. Printers are endpoints all organizations use, and they’re usually tightly integrated into critical IT systems. On the surface, they may not seem likely targets for cybersaboteurs, but if left unsecured, they give hackers entry points to infiltrate your network and do a whole slew of damage. For that reason, you may want to consider investing in smart printers that can detect malicious code and prevent it from spreading to the rest of your network.

2. Prepare for the worst

If you’re not doing so already, encrypting data at rest or in transit just makes good defense sense. In today’s threat environment, it’s not enough to simply block hackers from attempting to gain entry. You’ll also need to make it difficult for attackers to steal your data—even if they manage to breach your network. Encryption is a relatively easy step you can take to protect your intellectual property and business data, and it’s a necessary practice for adhering to most compliance regulations, too.

In the event a data breach occurs, you’ll want a backup plan in your pocket. Even SMBs that don’t necessarily have the personnel to rapidly end a security breach can still create policies to limit damage and implement a business continuity plan. Planning ahead to minimize downtime could save your company thousands of dollars in lost revenue and customer confidence.

3. Shoot phish in a barrel

The companies that can best weather—or avoid—a serious security incident are those that involve all staff in protecting the IT environment. Spam filters can capture some phishing emails and other junk, but employee security training is key to laying a strong security foundation.

In a rather sad development, humans—not machines—have become the unwitting tools of the cyber underworld. A report from PhishMe found that 91 percent (yes, you read that correctly) of cyber attacks began with a phishing email. Why do otherwise good employees click on bad emails? Curiosity, fear, or a sense of urgency in an email header can motivate some to take that action, but lack of education lies at the heart of all these incidents.

When an employee clicks on a malware-infected attachment, they may also be tricked into providing login and password credentials. Then, bam—the welcome mat is out, the lights are on, and the smoking lamp is lit. That’s why it’s important for all employees to know exactly what a phishing email looks like and what to do if they suspect they might have received one.

In addition to cybersecurity training, it may also make sense for you to create and widely distribute your company’s data security policy. Your employees need to know there’s an agreed-upon norm for how company data or credentials can be shared, what information is restricted, and what is acceptable social media activity in relation to your company. As tough as it may seem, you should create consequences for not adhering to the policy.

4. Stack your data on a strong, secure backbone

Ultimately, cybersecurity comes down to protecting the data backbone of your business with security fundamentals. You have a lot to think about in terms of potential threats, but by taking care of these security basics, you can block the majority of your threats. Once you’ve strengthened your security foundation, IT asset management within your environment will become safer and more dependable—and a better night’s sleep will be in your future.
