As the year comes to a close, you are probably focused on important business tasks like closing out your books, planning for 2018, and yes, even enjoying a little holiday cheer. Before you call it a day on 2017, though, don’t forget to address a few important IT security tasks as well. Getting your business security ducks in a row now can help you start off the new year on the right foot, and with greater peace of mind that you are doing everything you can to keep your data safe.
Some of these tasks are simple, while others require an investment of more time (and in some cases, money.) Take care of them throughout the month of December, or dedicate a few days of focused work, and you’ll easily be able to check them off your to-do list.
1. Change Passwords
Two-factor authentication and biometrics are becoming more common, but passwords are still the most common method of accessing private accounts. Not changing your passwords regularly (most experts recommend every 90 days), recycling passwords, and using the same credentials on multiple accounts create risks, as once a hacker figures out your password for one account, he or she will try it on others as well, potentially leaving your sensitive data vulnerable. At the end of the year, change all of your passwords according to best practices (at least eight characters, a mix of numbers and letters) or use a password manager to create random codes for you. If two-factor authentication is an option, and you aren’t using it, get that set up now.
2. Back Up Your Files
Backups are vital in the event of a disaster (and more on that in a moment) but a majority of small businesses aren’t backing up their data, or are using inadequate backup tools and technology. Now is the time to ensure that your operations and Salesforce backups are actually working – ideally, you should be testing your backups monthly anyway – and run a full backup of your entire network. That way, if they unthinkable happens and your machines are lost, stolen, or locked, or a hard drive fails, you won’t be scrambling to find data. Remember the 3-2-1 rule for backups: Three copies, 2 formats, and one off-site version.
3. Install Patches
Unpatched or updated software is one of the leading causes of data breaches. Hackers look for vulnerabilities in common software or operating systems, and exploit them to launch attacks. If you have been putting off patching and updating software, ignoring the messages on your machines, now is the time to get them installed. In most cases, it doesn’t take very long, and it can save you hours of headaches (and potentially thousands of dollars) by keeping hackers out.
4. Install Internet Security
Year end is the ideal time to review the security protocols that you have in place, and make adjustments to better protect your business. One such change is to invest in maximum internet security software that will not only protect your computers against viruses and ransomware, but also secure your social media accounts, manage your passwords, support your firewall, and help keep your system optimized to prevent slowdowns and other problems.
5. Review Policies and Disaster Plans
If you have employees, do you have policies in place to secure your network service? Policies related to internet access, email use, encryption, BYOD, and remote access – among other topics – can help keep guide your employees in making the right decisions and avoiding common security risks that can be costly to your business. If you don’t have policies in place, now is the time to begin developing them; if you have policies, review them and update any necessary information, and implement a training program to educate your team on any new protocols or procedures.
Year end is also a good time to review your disaster plan, to ensure that it is up-to-date and addresses all of the potential risks that your business may face. As your company grows, the risks to your security will evolve as well, so it’s important to identify them and create a mitigation plan before the worst happens. If you don’t have a disaster response and recovery plan, make it a priority to develop one. Consider how you will handle backups, communication issues, and how you will get back up and running, so you avoid sustaining significant losses.
If you take care of all of these tasks at year end, you will get 2018 off on the right foot security-wise, and feel confident that you can work toward your goals without interruptions by security issues.