Like it or not, your employees’ digital habits may not be very secure. In fact, some of those practices may cause your company to be vulnerable to data breaches, malware, or other security threats.
In the first part of this two-part series, we looked at how to educate your employees about potential security threats. But, truth be told, some habits are hard to break.
Fortunately, besides changing employee behavior, there are also ways an employer can be proactive – limiting the damage employees can do when they don’t take security seriously.
Here’s a look at some security measures every business owner should take to proactively secure their business:
Antivirus and Malware Software
Antivirus is the one security software you can’t live without. Whether you install Microsoft’s free security suite for Windows users or opt for Symantec, McAfee, or another market leader, first make sure antivirus and malware software is installed on every computer. Second, make updates automatic so there’s no risk of your system being exposed because you (or your employee) forgot to install a security patch.
Although a consumer-grade solution will work fine for most small businesses, as your business grows (and for other small-to-medium-size companies), it may be worth exploring business versions. Business security software provides additional security by centralizing the management of endpoints, allowing an administrator to set up and enforce network-wide usage policies, view all log entries and alerts in one location, and use a single-sign-on interface to configure endpoints.
The first step for good password management, as discussed in Part I of this series, is to create policies that require all devices to be password protected while prohibiting the sharing of passwords, password reuse, or creating passwords that are too simple. However, these are merely policies and can be difficult to monitor and enforce.
A password manager is one tool you can provide employees to help nudge them along to compliance. A password manager will store all of an employee’s login credentials in an encrypted environment that requires a master password to access other passwords. These types of services are already popular with individual consumers, but there are also business versions specifically focused on providing the same service to employees for business-related accounts. Dashlane and LastPass – popular consumer password managers – offer enterprise versions. Other choices exist as well, many with specific areas of focus, such as Common Key, which is built for small teams, and Meldium, which focuses on passwords for cloud services.
While there may be some concern that a password manager contains one access point to all your employees’ work-related passwords and accounts, the risk is minimal given the level of cryptography applied to password managers. There’s a much higher risk of a breach due to weak or repetitive passwords, so providing employees a tool that helps them create and remember strong, unique passwords is a good investment.
Like antivirus software, firewall protection almost goes without saying. But, the question still remains – what level of firewall protection do you need? Ultimately, you want a firewall that can monitor traffic to prevent inappropriate access from outside the network, but won’t stifle productivity by constantly querying you to allow or block specific sites.
The built-in Windows and Mac OS firewalls cover most of the essential firewall tasks, and may be enough protection for small businesses. For those that want deeper protection, such as application control – where programs are monitored closely for suspicious behavior – it might be worth investing in a higher level of firewall protection.
Antivirus software stops viruses from infiltrating, but if employees are duped into giving out key security information, you’ll be vulnerable no matter what security measures you have in place. Software that offers privacy protection can help steer employees away from phishing sites as well as offer specific protection for other critical data. The most robust options include a secure browser that can keep security-critical activities (like financial ones) isolated.
Whether you have a large number of work-at-home employees, field employees, or just the occasional employee working from a coffee shop, setting up a VPN adds another layer of security and protects against unsecured connections.
There are a number of VPN options on the market, so determining the right solution to implement will depend on the application. One option, an IPSec VPN, connects hosts to entire private networks. Another option, an SSL VPN, connects users to services and applications inside those networks. Also important to note is that IPSec VPNs can support all IP-based applications, while SSL VPN application services will vary.
You will also want to make sure you have a static IP address for your VPN to connect to. Most business-class DSL and cable connections default to a dynamic address, but a static IP address can be provided upon request. Finally, you will either need to install the VPN behind your firewall, or you can use your VPN as your system’s firewall, which will make installation less complicated.
Many of the security features listed here can come as point solutions or integrated into a security suite. Although an integrated suite often does the same tasks as an all-encompassing security suite while using fewer resources, going with an all-encompassing security suite may be the best option since it can keep your network’s overall performance levels higher. Bandwidth should also be considered, both to keep performance on the network high and, in particular, to support remote VPN logins. Otherwise, remote users will encounter slow network speeds that can impact their productivity.
Your employees’ personal security habits may be out of your control, even when you do your best to put policies and training in place to help. But by implementing the solutions listed here, you’ll have significantly closed the security gap even if employees remain your weakest link.