Getting a cyber security plan in place for your business is critical in today's world. Data breaches aren't going anywhere and not having the right tools in place leaves you vulnerable to a data breach from which you may never recover.
But just as important as getting the right tools in place is keeping them up to date. Because of the speed at which these threats evolve, not keeping your tools up to date doesn't keep you much safer than not having them at all.
Antivirus is probably the easiest part of your security plan to keep up to date. Most antivirus clients today automatically call home to their respective companies and download the latest updates and virus definitions on a daily basis. If you're using a free antivirus, though, this may not be true.
The one thing that seems to be missed is keeping the support subscription up to date for the antivirus. It is common practice for the subscriptions for antivirus software today to last about a year. If you don't know when yours renews, it's time to find out and set a calendar reminder to renew it before it expires.
As annoying as everyone finds the prompts to update your Microsoft Windows, Apple Store apps, iOS, Flash Player, Java or Adobe Reader, all of these are critically important to your security. The vast majority of these updates are security related. As is the case with antivirus software, most of these updates are free and are pushed out by the vendors, giving you little excuse not to update.
The patches that come out can be used by cyber criminals to figure out holes in previous versions. Failure to update these applications has resulted in countless vulnerabilities being used to pry open networks and steal sensitive data. If you're still running a previous version, they basically have a roadmap for how to attack you.
Another thing to keep in mind is staying current with your software versions. QuickBooks and Microsoft Office, for example, are only supported with so many historical versions. The general rule of thumb is never get further than three versions behind the current release of a product. Running a software (or server or really any other piece of technology) that has reached end-of-life means you won't be able to get support from the manufacturer. But, more dangerously, you won't receive these critical security patches, either.
The firewall and switches in your network also have updates that need to be applied regularly. These are typically going to be for stability or performance issues but can also be security related. Most of the recent updates we’ve seen for firewalls relate to being able to disable unsecure, out-of-date protocols that are now considered vulnerabilities and security risks in a network. The updates typically require a reboot of the device so these may need to be scheduled after hours (your IT company can help you with this).
As with the software, it’s a good idea to make sure that you stay current with both your firewall hardware and firmware updates. Old models of firewalls and switches are no longer supported and can begin to have problems that can bring your entire network crashing down to its knees.
Now you might have done a double take on this, but keeping updated user accounts in your Active Directory system is a great way to add a layer to your security plan. Accounts should be audited to ensure that any former employees accounts have been removed or disabled on a regular basis.
Any exiting employees should have any remote access revoked, no matter how amicable their exit may be. There have been numerous reports of terminated employees breaking back into their former workplace and wreaking all sorts of havoc. Don’t let that be you.
Keep an eye on service accounts. These accounts typically get created with software installations and are used for running programs in the background. Ensure that no accounts have been created that weren’t authorized. One of the biggest giveaways for a security breach is accounts that have recently been created without permission that have administrative permissions on a network.
As always, the task of keeping your company’s data secure is multi-faceted. And unfortunately every new day brings an army of new threats. Keep your systems up to date and you will be one step closer to keeping a safe and happy business.