PBT work with many small and medium businesses to implement and support their IT Infrastructure, Business Systems and business critical data.
Below we recommend a basic configuration for a business that is running their own server(s) and workstation(s) on premise.
Over the last few years the threat and seriousness of data breaches and cyber crime aimed at SMBs has significantly increased.
While many of these basics are aimed at organisational security, some are just good design initiatives and best practice to protect your organisation from hardware failure and to minimise support requirements.
Please use this page as a checklist, to think about your organisation and how well prepared you are for the coming threats.
All SMB environments should have the following in place:
Everyone knows what an Anti-Virus program is, but you should have a corporate grade, centrally managed Anti-Virus solution that is monitored to ensure it is updated frequently. New virus footprints are detected every day, and the only way these can be captured is by ensuring that your AV is updating reliably.
Mail Protection / Filtering Software
An essential component as a layer of defence against cyber-attack. Your email passes through a complex scanning engine that looks for spam & malicious emails and filters them out before getting to you or your staff. This reduces the chances of Phishing attacks, Crypto viruses & Ransomware entering the organisation.
Web Protection controls which websites employees can access and scans web pages before they load. It looks for suspicious indicators so that it can block the websites in real time. This can greatly assist when staff accidentally click on links in fake emails, stopping viruses and preventing fake websites that capture your password details from loading.
Centralised Data Storage
Ensure that all company data is stored in a central network location (either on your cloud server or in a cloud application like Microsoft OneDrive), and not on individual PCs or laptops.
Managed Online & Local Backups that are Monitored
Need we say more? A backup strategy that combines both a Managed Online & On-Premise backup service is essential. The reason for requiring both is that we often see the following issues with USB Hard Disk backups:
- Hard Disks are not swapped as required
- They have a significantly higher rate of backup failure / issues which stop backup copies
- They can also be encrypted if plugged in when your organisation is breached by an encryption virus
- They are often not taken off premise
As a unified solution, both the Online & On-Premise backups stay synchronised with each other, which provides for fast restoration of files from a local source when required. It also allows easier monitoring of backup statuses, which should occur 3 times a week.
Network Security Policy
A Network Security Policy that encompasses the below points:
- Complex Password Policies – Cyber criminals have automated software that scans the internet for commonly known ports (a front door to your system) and then starts systematically trying password combinations. Complex passwords can increase the time it takes to work out a password from a few hours to hundreds of days.
- App Locking – App Locking refers to configuring your servers and workstations so that applications cannot be installed without the right permissions. This is especially important in the case of crypto viruses that encrypt your files or install crypto mining software. By limiting the ability for software to install and run, these programs can be stopped from executing and causing data loss.
- Desktop Firewall Rules – Windows Desktop operating systems have built-in firewalls that can be controlled by your network policy. These should be configured for adequate security while still allowing users some freedom, and to stop users from simply turning them off.
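One way to check the Desktop Firewall Rules point on a workstation, written as an added example (not PBT's own tooling): it reports whether each Windows Firewall profile is on and whether that state comes from Group Policy, so it cannot simply be switched off locally. Treating a default inbound action of Block as "adequate security" is an assumption made for this example.

```powershell
# Added example: audit the Windows Firewall profiles on this machine.
# Run in an elevated PowerShell session on the workstation being checked.

# Effective settings currently in force (local settings merged with policy).
$active = Get-NetFirewallProfile -PolicyStore ActiveStore

# Settings delivered by Group Policy only (read-only resultant set of policy).
# Values show as NotConfigured when no policy sets them.
$gpo = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue

$report = foreach ($p in $active) {
    $fromGpo  = $gpo | Where-Object Name -eq $p.Name
    # Enforced means Group Policy itself sets Enabled = True for this profile.
    $enforced = [bool]($fromGpo -and ("$($fromGpo.Enabled)" -eq 'True'))

    $finding = if ("$($p.Enabled)" -ne 'True') {
        'Firewall is OFF for this profile'
    } elseif (-not $enforced) {
        'On, but not enforced by policy (can be turned off locally)'
    } elseif ("$($p.DefaultInboundAction)" -ne 'Block') {
        # Assumption for this example: inbound should default to Block.
        'Enforced, but default inbound action is not Block'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Profile          = $p.Name
        Enabled          = "$($p.Enabled)"
        DefaultInbound   = "$($p.DefaultInboundAction)"
        EnforcedByPolicy = $enforced
        Finding          = $finding
    }
}

$report | Format-Table -AutoSize

# A non-zero exit code lets a monitoring agent flag the machine.
if ($report | Where-Object Finding -ne 'OK') { exit 1 }
```

Run on a schedule by a monitoring agent, the exit code separates machines where the firewall is merely on from those where policy keeps it on.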
Clients must have a VPN when providing remote access to their On-Premise systems to staff. VPN, which stands for Virtual Private Network, is a technology used to add another layer of security when allowing staff to externally access your data. It significantly increases security and reduces the chances of cyber criminals gaining access to your data via a number of methods.
Your Internet Router in most cases is also your firewall, like the front door between the internet and that ‘Company treasure’ that is your data. A router that has auditing & logging capabilities, as well as in-built advanced security features, is essential.
Standard Network Equipment
Support can be simplified, within reason, where network devices such as routers, wireless access points and switches can be standardised. It allows common configurations and detailed ‘know how’ to be used in managing the devices.
Running Virtual Servers
VMware & Hyper-V are common virtual server systems that allow you to run more than one virtual server on a physical server. The most common setup that we recommend with On-premise virtual servers is where a client has a:
- Domain Controller (controls user accounts and permissions / security)
- Terminal Server (used for remote access by staff)
- SQL Server (database server that runs common business software)
These 3 virtual servers can be run on one physical server, and apart from the hardware cost savings, it makes backing up, restoring and moving the virtual servers around in times of need much more efficient.
NAS or SAN
When using virtual servers, the virtual server data should be stored on a NAS or SAN. These are essentially devices with 2 or more Hard Drives in them and fast network connections. They plug into the servers, which do the processing, but the NAS or SAN stores the data. If the server fails, another server can be connected relatively quickly, and you are able to get back up and running.
Having a Backup Server
We recommend having a backup server, even if it is a second-hand server (at low cost), to be used in the event of an issue with the primary server. While many customers spread their processing load over more than one server, those sites that don’t should maintain a second server on standby. Virtual servers can be moved quite easily and quickly in times of need.
Use of Office 365 for Email Hosting
Office 365 is Microsoft’s cloud email hosting and Office applications solution. It takes the hassle out of having to run your own mail server, and seamlessly integrates with your Outlook, Word & Excel. It provides a raft of security features and tools at an affordable price. Please review our Office 365 Security basics document to understand how Office 365 should be configured.
2 Factor Authentication on Office 365
While we cover 2 factor authentication in our Office 365 Guide here, it’s worth mentioning that 2 Factor authentication should be enabled on Office 365 email. Where passwords are compromised, this protects the users from having their email breached as it requires an additional code to also be entered to gain access.
Education & Testing
You are a security layer. By paying attention and being educated on the common security risks for SMBs you can help protect your organisation against cyber crime. There are a number of security tests that can be run on a regular basis which we outline here in our recommended monitoring & maintenance plans.
IT Maintenance & Monitoring
Monitoring and Maintenance steps are critical to ensure that your environment has the latest updates, security features and basic checks in place. Read our recommended Monitoring and Maintenance steps here.
UPS – Uninterruptible Power Supply
An appropriate UPS protects the servers from shutting down in an uncontrolled manner when there is an interruption to the power supply. This is a common cause of downtime when servers are not shut down properly and then have trouble restarting (for a variety of reasons). A UPS is essential and only a small investment.