In the digital age where all paperwork, records, and ongoing projects take place on local and cloud networks, nothing matters more than cybersecurity to protect your business data.
All data, from finances to brand reputation, runs through networks and software to form the complex dance of modern business.
You are in possession of a constantly growing mountain of data and most of it is private. It belongs to the customers, employees, or as proprietary ideas for the company itself. Each type of data you store is not only valuable to you. It can also be misused by any hacker who will try everything they can think of to steal it.
There are a lot of different ways to hack. Some crack into guest wifi networks, some covertly replace credit card scanning machines, and quite a few do their dirty work with targeted phishing emails. No matter what kind of hack you might be facing, the best defense is a multi-layered one.
Fortunately, the comprehensive business software and infrastructure offered by Microsoft makes this surprisingly easy for businesses of all sizes. Between Azure services, Office 365, and constant security updates in response to new threats, Microsoft can help.
If your business, like so many others, runs on Microsoft, all you need is the right configuration, IT support, and best practices to keep your business data safe. When your firewalls, employee training, and malware detection are all aligned to defend, there is very little a hacker can do to gain access.
Here are 13 useful techniques to protect your business data.
1. Encrypt Everything
Hackers may breach the defenses. They may slip past your firewall or trick someone into clicking a phishing email attachment. But they have to be able to read your data to sell or misuse it.
Encrypting is the best possible defense against a security breach because even if hackers expose, copy, and escape with a thousand lines of customer data, an encrypted database will mean they have nothing. Without the encryption key, even a successful hacker will find that they have a thousand lines of completely unreadable gibberish.
Your best approach is to simply encrypt everything all the time. Microsoft supports encryption and has made it easy to encrypt many aspects of your business, including email at rest and in transit. For comprehensive defense, the Azure Information Protection service can help you secure everything from documents to data storage with designated tiers of security. Even better, Azure Information Protection is included in the Microsoft Enterprise Mobility + Security package.
Of course, for independent and internally developed software, be sure to include encryption in your own code as well. For remote communications, don’t forget to encrypt both locally and on mobile devices. This prevents packet reading in transit.
2. Scan for Vulnerabilities
Vulnerabilities are loopholes and security gaps in the software your business uses. No software is perfect and there’s always room for improvement. Vulnerability scanning allows you to check your software stack for any recognizable security gaps or dangerous loopholes. It essentially looks for flaws in the software that a hacker might be able to use to gain access or do damage.
A scan should leave you with a fairly comprehensive map of issues to resolve and some suggestions for how to resolve them. Microsoft’s vulnerability scanner is known as the Baseline Security Analyzer or MBSA which analyzes for best practices. For a complete look at all possible security holes, try implementing products such as Nessus and Microsoft Operations Management Suite.
3. Patch and Update
The most common solution to a detected vulnerability is a software patch.
In many cases, if the scanning software can find it, the original developers will eventually recognize the flaw, fix it, and release an update.
You may or may not have automatic updates on and the update might be optional and, therefore, skipped. Leave your automatic updates on for both Microsoft and independent software and remember to check for optional updates and patches that fix security vulnerabilities.
4. Whitelist Wifi Only
Devices that connect to your company wifi network have the ability to connect with the hub and other devices, which means you don’t want just anyone within range connecting. While password protection is slightly more secure, the password is not exactly secret if your entire staff knows it.
The most secure solution for both company and employee wifi devices is to approve them one at a time. This not only prevents hackers and rogue devices from connecting, it also prevents new employee devices that might be infected from connecting. Then, when employees want a new device to connect intentionally, they will first have to submit it to an IT technician who will approve the device before granting it access.
5. Scan All New Devices
That said, an infected device is the growing risk of the BYOD (bring your own device) trend. The last thing you want is to spend months securing your network from outside attack only to pick up a dangerous malware from an employee’s mobile device they brought to work.
By restricting wifi access, your IT team will have the chance to detect infected devices before they connect and even clean the devices for the employees.
You might even want to streamline device scanning and check all company devices regularly to prevent malware and viruses from entering the network.
6. Never Store Passwords
Passwords are the biggest pain in network security. There is an ongoing debate about whether mixed character passwords are stronger than long phrase passwords, but both sides agree that the way you store your passwords matters as much as how strong you make them. For example, never keep a plain text record of your passwords anywhere ever. However, the biggest current risk is storing your passwords in your internet browser.
This may be really convenient, but convenience is always opposite security. Your browser also conveniently opens as you and logs you into everything with nothing but a click. This means that anyone sitting at your desk or with a synced device of yours can now access all your accounts.
If you do need to store passwords because there are too many to remember, consider Keeper, Microsoft’s secure password manager vault.
7. Limit File Sharing
Along the same lines, the more files, servers, and devices are sharing on your network, the more exposed your network is. If there is an intruder, all that convenient file access is going to make it easy for them to find what they need and go.
Of course, file sharing is necessary for modern business so you will always need to have some things available. But consider isolating permissions and disabling sharing when it’s not actively being used.
For the files that are currently being shared or for those that are selectively shared at certain times of day, you may want to implement Microsoft Cloud App Security. This will allow you to see not just what is and is not being shared. It will also help you understand what’s being shared and who is gaining access. The service will give you some insight into:
- Which shares are being used;
- Who is accessing them (including those who have already left the company); and
- Other cloud applications that may be accessing your files.
You can also use it to selectively limit who and what can gain access based on things like device, location, identity, and session context.
8. Remote Device Wiping
Employee devices will inevitably contain or have access to company information. Whether the device is auto-logged-in to the company cloud or locally storing private documents, it is only considered secure while in the possession of your employee.
If they report it stolen, lost, or even borrowed, you may need the ability to wipe it remotely. The only way to do this is to set the app up ahead of time. So, make sure every employee’s personal device is equipped and permissions are signed before that happens. Microsoft Exchange Server 2010 is one available tool that can remotely wipe devices if that ever becomes necessary.
Fortunately, the remote wipe doesn’t have to inconvenience your employees too much. You can make recovering or by replacing the phone, tablet, or laptop incredibly easy by also offering a regular backup system.
9. Wipe Data Before Selling Equipment
Every company goes through cycles of growth and shedding old assets. When you’re on the cutting-edge of technology, you’ll frequently cycle out old equipment to sell to other businesses.
While it’s great to hand down equipment, you don’t want to accidentally sell them some of your data as well. Make sure your team wipes any recycled company device before it leaves the building. You will also want to inform employees how to wipe their personal devices before they grow out of each position as well.
10. Clear Out Old Data
Companies are constantly storing data, often with several internal servers and third-party hosts at the same time. It’s all too easy to lose track of how much data you have stored, backed up, archived, or lost in a folder no one uses anymore. Make sure to do an annual data audit and clear out all old data that is no longer useful.
You may want to keep historical use cases. If so, consider removing all identifying data and keeping just the survey information you’d like on record.
11. Watch Out for Public Wifi
Public wifi networks, those that are open to everyone and not secured by a password, can’t be trusted.
Yes, they are convenient, everywhere, and often provided by reputable companies. But they are also a very common avenue for hackers. They can either crack an existing wifi network and access other connected devices or host a wifi network with a hotspot and wait for others to unknowingly (often automatically) connect.
Advise employees to turn off automatic wifi connection. And watch out for any public wifi networks that mysteriously pop up inside your building.
12. Network Monitoring
Like encrypting, network monitoring is a security measure that can combat malware even after it is hiding in the system.
Network monitoring watches all the basics but in great detail. It can tell you the temperature of your servers or the number of packets that have come through your gateways. If configured correctly, it can spot suspicious resource usage, behavior on your network or communications with the internet that would indicate lurking malware.
Thankfully, Microsoft has an option for local network monitoring simply known as Microsoft Network Monitor.
13. Device and Screen Locks
Finally, remember that employee computers and devices are not manned 100% of the time. However, most people don’t remember to log out of all their company applications every time they take a break or put down their phone. This is why device locks and screen locks are an important security measure. Even a simple unlock pin is enough to thwart the majority of opportunistic espionage. Make sure that company screens and devices lock themselves after a short period of idle time.
The more layers you employ to protect your business data, the safer your business becomes. The more techniques are in place to increase security, the less likely an accidental breach becomes. With an up-to-date Microsoft infrastructure, strong IT security practices, and a well-trained tech-savvy staff, your business can effectively repel cyber threats. Working with a partner like Agile IT can make sure you have the highest quality security software, help with complete security assessments, and uphold ongoing business data and network security. With expert security, admins and support technicians can successfully protect your business data.
For more cutting-edge security tips, software, and the best practices for your business, contact us today.