Are you Overlooking these 5 Critical IT Security Measures?

Let me ask you something: How well equipped is your company to deal with and respond to a potential data breach? On a scale of 1-10. Do you know? Not sure? Experian put out an interesting report regarding data breach preparedness. They found that 23% of respondents believed that their organization doesnt understand what needs to be done following a material data breach to prevent loss of customer and client trust. 30% werent sure at all and only 14% agreed. That should tell you that if youre not taking proactive steps to prevent and manage data breach, youre not alone. Thousands of companies are overlooking the most basic IT security measures and have little understanding for where to start. Are you one of those companies? Take a moment to explore five of the most commonly overlooked IT security measures and see how you stack up.

1) Password Complexity

The most common security passwords are 123456 and password. Common sense tells you that these are easily hackable and shouldnt be used, but we continue to use them year after year. If your employees use these types of passwords for their personal data, its not a far cry to believe that they might be setting their work passwords to something similar. While these may be easy to remember, theyre about the farthest you can get from secure. Make sure that you implement a standard for password complexity. The hardest to uncover are those that include special characters, a mix of upper and lowercase letters and numbers that are not sequential. Make sure that you educate your employees on the importance of secure passwords and offer a standard for them to use in creating their own password.

2) Password Change Frequency

Having a complex password protects your customer and company data significantly better than having a simple, easy-to-recognize password. But how often should your employees be changing this password? Every 30 days? More often? Less often? Youll be interested to know that users dont have to change their passwords as often as you might think. For example, this Lifehacker article references a few studies that actually suggest that frequent password changes can be detrimental to user productivity. Strike a good middle ground between frequent changes and leaving dry passwords to exist as your employees turn over. Depending on the sensitivity of customer data and how our clients infrastructure is configured, we recommend password updates as frequently as every 90 days or as infrequently as annually. Like most of your IT decisions, this is subjective. Do make sure that you change passwords when your employees leave, as you want to protect data access by those not within your organization.

3) Windows Patching

Windows patches can seem annoying. They can seen counter productive. If youve got a Type A employee that doesnt like to be interrupted they can even seem like a theyre inhibiting efficiency. But Windows Patches are what keeps your workstations and server up to date and protected against the latest security threats. Failure to implement these updates could mean a massive data breach or infection that could not only compromise data but take down your organization for days or weeks. In short? Complete these updates. Often. As often as every day is ideal, but if you have a Managed Services or IT provider that is completing these updates for you it wont be quite as intrusive for your users, as these updates can be done automatically every evening or during scheduled maintenance windows.

4) Mobile Device Passcode

Weve covered mobile device security and BYOD extensively in our blog. This article in particular was pretty popular with regard to mobile security. When your employees bring their own devices and add their company e-mal to those devices, your company data is quite literally one swipe away. Making e-mail and mobile phone passcodes mandatory is one of the more important elements with regard to IT security. Its not optional.

5) User Security Policy

The absolute most important thing when it comes to your IT security and something you shouldnt ever overlook is having a security policy in place for your users. The policy should outline the handling of sensitive data, how mobile devices should be treated, password mechanics, and all other elements in your strategy. Just like you want to educate yourself on the importance of security, you have to educate your users on the why behind each step theyre taking. Just telling your employees to create a secure password isnt enough, they have to understand why theyre doing it. A security policy gets all your users on the same page and places a published standard of security compliance out to be clearly followed.

IT security isnt something to mess around with. Sure, small businesses are much less likely to be attacked than some of the major companies that have been breached to date, but that doesnt change the fact that it happens. Whether or not you continue to overlook these important IT security measures could be the decision that makes or breaks your business.