Small Business Cybersecurity 2 of 7: Be on the AlertTim Weidman
This is part two in a seven-part series regarding security concepts for small businesses. As an owner or principle of a small to medium sized business, you have the ability and the responsibility to understand security basics and ensure they are implemented for you.
- Part 1 of 7: Who has your back(up)?
- Part 2 of 7: Be on the Alert!
Last month we talked about backups as the most important first step in cybersecurity. What happens if your backups are not running? For that matter, what happens if you have computers on your network which have been infected with a virus? What if the anti-virus program has detected malware, but was unable to quarantine it or remove it (yes that happens) – basically leaving the nasty program to carry on whatever evil plan it came to deliver?
There are a number of technology items on which you can receive alerts, all the way down to telling you when your printer is about to run out of ink. Here are a few key ones you need to have:
- Backup Alerts: As we discussed in the previous installment, you need to know when your backup runs. Not just when it fails. Backup system failure could also include the inability to send an alert that the backup is malfunctioning, so you need alerts each time it runs. Ideally, it will include more information such as the quantity of files backed up and total backup size.
- Anti-Virus Alerts: Does your anti-virus solution tell you when someone has an encountered malware? It needs to do more than just pop up a warning on the infected machine. If you have more than a couple of workstations, you need a centrally managed solution which will tell you if ANY of your assets have encountered malware. Today, malware is after more than just the local computer. Primarily it wants to lock down all of the files on your network and sell them back to you, which is the definition of “Ransomware.” From my experience, the percentage of computer users who will notice and report a malware notice is extremely low, so you need something which alerts you to take action when they do not.
- Microsoft Update Status: No amount of security measures will protect you if you use Microsoft Windows and it is not up to date. This is true of all operating systems, but as Windows is the most common operating system in the world, there are more exploits written with it in mind than all of the others put together. If you have more than a few machines and have a Windows server, the most widely used method to monitor and manage Microsoft updates is called Windows Server Update Services or “WSUS.” That is something you most likely need help setting up, but could manage yourself once it is running. It will keep every Windows workstation in the building up to date, as well as alert you when they are not.
- Non-Microsoft Update Status: The most important updates other than Microsoft are the browser-based software products such as Java, Adobe Flash and Silverlight. These will typically alert you when it is time to update…but do NOT click on the prompt to update. Instead, when you receive an update notice, go straight to the website for the product and update from there. Not sure where to go for this? Here you go:
- Ransomware Attack Alerts: Ransomware is currently the most prevalent attack for small businesses. There are many ways to watch for and stop this, but a basic method is to set something called “Software Restriction Policies.” Many varieties of ransomware attempt to execute in a common set of folders and these policies prevent this action and can send an alert.
- Advanced Information: Above and beyond the basic alerts listed above are more advanced methods of alert, such as Intrusion Prevention Systems and other network monitoring systems, which watch for disk space and other resource issues, certain event log events and pretty much anything else. Typically these would be installed and setup by your technology professional so that is a good place to start.
Many of the above alerts can be setup and monitored by you without a high amount of technical expertise. Others require involvement by a technology professional, but the important thing is that you look for ways to be alerted when issues arise.
Thanks and remember, you can and should understand your own technology.
Tim Weidman is the Director of Information Technology at Frankel Zacharia Tech Services, a department of Frankel Zacharia, LLC. Tim has a technology career spanning over 25 years and holds professional certifications in Certified Ethical Hacking and Penetration Testing, Security+, A+, Network+ as well as Microsoft, Apple, Linux and Novell technologies. For more information visit: fztechservices.com.