Educate Your Employees (and Yourself)
We love our employees, but unfortunately they are often the weakest link in company security. Most of the time it is not because they mean any harm: a lack of understanding of basic security can lead to serious data breaches, all while they are apologizing profusely.
Because careless (usually accidental) actions by untrained employees can have such consequences, training benefits just about everyone, and it doesn't have to be expensive. If you know security well, you can put together a short slide deck covering what staff may and may not do. It is even more effective if it includes an example that is relevant to the group, such as a recent mistake made by an employee at your own office.
Worry About Your Network Perimeter
This point matters even more if you use cloud infrastructure of any kind, including a private cloud built on your own virtualization platform. It is likely that at least some sensitive data lives there, which makes protecting credentials and enforcing a firm network perimeter all the more important. Inexpensive measures include:
Rotating passwords on a documented schedule so no one can say they weren't told. Bear in mind that current guidance (NIST SP 800-63B) favors long, unique passwords plus a second factor over frequent forced rotation, which tends to produce predictable variations of the old password; rotate immediately on any suspected compromise rather than purely by the calendar.
Two-factor authentication and sign-in location checks (alerting on, or blocking, logins from unexpected countries or networks); both are easy to implement and cheap, if not free.
A third-party web security proxy service (a hosted secure web gateway) that sits as a cheap, neutral barrier between the Internet and your network and filters malicious sites and downloads before they reach your users.
Protect Your Servers
If you have the cash, an extra layer of protection on your servers is never a bad move. Since even well-trained employees sometimes make mistakes, it is important to have as many security layers as possible, and your servers are where most of your data is stored and where it passes through. When you are on a budget, first work out how data is accessed, where it lives, and which of it is most sensitive. That way you can protect the most sensitive data first and everything else second.
In general, restrict access to your servers. If you can afford it, putting administrative access behind a VPN does the job. If you can't, at least make sure that web mail and custom applications can reach only the servers and ports they actually need, and that nothing else is exposed to the Internet. Secondly, keep all of your server software up to date; patching is your first layer of server defense. Remove or replace anything that is no longer supported by its vendor, since it will never receive another security fix.
A little in the security budget can go a long way if you spend it on the right things, and you’ll sleep better at night when you do.