PBT work with many small and medium businesses to implement and support their IT Infrastructure, Business Systems and business critical data.
We have updated this page with the latest Small to Medium Business IT Security Recommendations from PBT.
Please use this page as a checklist, to think about your organisation and how well prepared you are for the coming threats.
Small to Medium Businesses should have the following in place:
IT Maintenance & Monitoring
First & Foremost, we recommend Monitoring and Maintenance steps to ensure that your environment has the latest updates, security features and basic checks in place. Read our recommended IT Maintenance and Monitoring steps here.
Managed Online & Local Backups that are Monitored and Restore Tested
While everyone understands the need for backups, many clients have a false understanding of the reliability & security of their backups. The key elements required for a sound backup solution include:
- A backup solution combining both On-Premise (Local) and Online (Cloud) backup storage is essential. Both are required because local backups are at risk in a cyber attack (where the attacker encrypts the backups) and in major disasters where the on-premise storage is destroyed.
- Physical Monitoring of the Backups. Backups cannot be left to simply run, as they will surely fail at some point over time. Everyone knows someone who thought they had a working backup solution, only to find out when they needed it, it had stopped working or was only partially backing up the required data. We recommend and provide a service where backups are checked three times a week. However, this does not provide a guarantee of a working backup; for that you need to conduct test restores.
- Test Restores – We often say it’s not Backups that count; it’s Restores. We are very clear to explain to clients that checking the status of a backup or report does not guarantee that the backup will be restorable. Restore tests on a range of key customer files should be done monthly to ensure backups can be restored. This is the only definitive way to ensure working versions of backups.
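A restore test along the lines described above, as an added example (not PBT's tooling): a manifest of SHA-256 hashes is recorded when the backup is taken, and the restored files are then checked against it. The function names, file names and sample data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Record relative path -> SHA-256 for every file, at backup time."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare each restored file with the hash recorded in the manifest."""
    result = {"ok": [], "missing": [], "corrupt": []}
    for name in sorted(manifest):
        restored = Path(restored_root) / name
        if not restored.is_file():
            result["missing"].append(name)      # never came back from backup
        elif sha256_file(restored) != manifest[name]:
            result["corrupt"].append(name)      # restored, but content differs
        else:
            result["ok"].append(name)
    return result

def demo():
    """Constructed sample: a restore with one lost and one truncated file."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        files = {"finance/ledger.csv": b"id,amount\n1,100\n",
                 "hr/contracts.txt": b"contract text\n",
                 "sales/quotes.txt": b"quote 42\n"}
        for name, data in files.items():
            for base in (src, dst):
                (base / name).parent.mkdir(parents=True, exist_ok=True)
                (base / name).write_bytes(data)
        manifest = build_manifest(src)
        (dst / "hr/contracts.txt").unlink()               # absent from restore
        (dst / "sales/quotes.txt").write_bytes(b"quote")  # truncated on restore
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

A backup report showing "success" would not reveal either failure in this sample; only reading the restored files back does.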
Microsoft/Office 365 Backup
As customers move their data to the cloud and leverage Microsoft’s services, it is important that a backup of this data is taken regularly to another location and be easily restored.
Centralised Data Storage
Ensure that all company data is stored in a central location and not on individual PCs or laptops. For On-Premise storage, this should be on a NAS or SAN with RAID capabilities to protect against hard disk failures. Microsoft 365 SharePoint is a popular and very good cloud storage solution and, in many cases, a preferable solution for small & medium businesses.
Endpoint Protection & Response - replaces common Antivirus Solutions
Endpoint Detection & Response (EDR) software has replaced standard Antivirus solutions as the more advanced and secure solution for stopping Viruses and Malware on staff devices and servers.
EDR solutions provide more comprehensive network security than traditional managed antivirus solutions and have capabilities that many managed antivirus software programs can’t offer.
EDR doesn’t just use traditional virus signature updates like Anti-Virus, but also collects data on numerous activities across a device and monitors the activities executed on the device to identify and remediate threats.
It uses machine learning and artificial intelligence to track potential threats and act on your behalf to stop and even roll devices back to their pre-attack state.
As an example, suppose an individual makes the mistake of downloading an attachment from a phishing email. In this case, the malicious document will attempt to take control of the device by launching a script so it can download ransomware software. EDR will log and monitor this behaviour, quarantine the Ransomware, and roll back the endpoint to a known safe state. It’s even possible to disconnect and isolate the infected device from the network—minimizing the risk of other devices becoming infected.
Two Factor Authentication on Microsoft 365
While we cover two-factor authentication in our Office 365 Guide here, it’s worth mentioning that two-factor authentication should be enabled on Microsoft 365 logins. Where passwords are compromised, this protects users from having their email and other data breached, as an additional code must also be entered to gain access.
Network Security Policies and End Device Control
A Network Security Policy that encompasses the below points:
Complex Password Policies – The longer and more complex a password, the longer it takes for cyber criminals to work it out. They use automated software that scans the internet for commonly known exploits (a front door to your system) and then starts systematically trying password combinations. Complex passwords can increase the time it takes to work out a password from a few hours to hundreds of days.
App Locking – App Locking refers to configuring your servers and workstations so that applications cannot be installed without the right permissions. This is especially important in the case of crypto viruses that encrypt your files or install crypto mining software. By limiting the ability for software to install and run, these programs can be stopped from executing and causing data loss.
Mail Protection / Filtering Software
An essential component as a layer of defence against cyber-attack. Your email passes through a complex scanning engine that looks for spam & malicious emails and filters them out before getting to you or your staff. This reduces the chances of Phishing attacks, Crypto viruses & Ransomware entering the organisation.
Web Protection controls which websites employees can access and scans web pages before they load. It looks for suspicious indicators so that it can block the websites in real-time. This can greatly assist when staff accidentally click on links in fake emails, stopping malware and preventing fake websites that capture your password details from loading.
VPN / Remote Desktop Gateway (With Two Factor Authentication)
Clients must have a VPN or Remote Desktop Gateway when providing remote access to their On-Premise systems to staff. These significantly increase security and reduce the chances of cyber criminals gaining access to your data via several methods. It is preferable that Two Factor Authentication is enabled on the remote access solution as an added layer of protection, and clients use an authenticator app to enter an additional code for access.
Password Management System
Organisations should store passwords in a secure, encrypted system that can be accessed by staff with authorisation. These systems are relatively inexpensive, and provide a key layer of protection.
Leaving staff to manage passwords individually often leads to passwords being stored in unencrypted files on a user’s desktop, in their Email Notes, or by various other methods.
They should be stored in a safe and secure company-wide system with auditing enabled so an organisation can see which staff have accessed a particular password.
UPS – Uninterruptible Power Supply
An appropriate UPS protects the servers from shutting down in an uncontrolled manner when there is an interruption to the power supply. This is a common cause of downtime: servers that are not shut down properly can then have trouble restarting (for a variety of reasons). A UPS is essential and only a small investment.
Education & Testing
You are a security layer. By paying attention and being educated on the common security risks for SMBs, you can help protect your organisation against cyber crime. There are a number of security tests that can be run on a regular basis, which we outline here in our recommended monitoring & maintenance plans.
Please contact us to discuss
If you would like to talk to us about implementing these IT Maintenance tasks into your service, please contact us to discuss on 1300 720 767.