It is not always economically viable for small and medium-size businesses to maintain a dedicated IT security team, so it often happens that one person is in charge of monitoring the entire infrastructure. Sometimes he or she is not even a permanent, full-time employee.<\/p>\n
Sure, a good administrator can do a lot, but even a pro might miss something, particularly if issues are mounting and time is short. So, it\u2019s worth establishing a few habits. Here are our Top 5 regular checks.<\/p>\n
Any website that requests or processes user data must have an SSL certificate. It protects information entered by visitors from being intercepted, and almost all modern browsers warn<\/a> users that sites without an SSL certificate are insecure. That can scare off potential customers.<\/p>\n Your website most likely has an SSL certificate, but its validity period is limited. Depending on the certification authority, it will need to be reissued every three, six, or twelve months. Therefore, we recommend setting a reminder in your calendar about certificate renewal.<\/p>\n The older the software, the more likely it is to contain vulnerabilities, so it\u2019s critical to keep all software up to date. Workstation operating systems and applications themselves usually notify users when updates become available to install. But if you\u2019re still worried about missing an important patch, use our corporate products<\/a>, which contain an entire subsystem for tracking fresh vulnerabilities and fixes for them.<\/p>\n That said, it is not only employees\u2019 computers that need updates. Routers also have built-in software\u00a0\u2014 firmware \u2014 which over time likewise becomes outdated and vulnerable. Cybercriminals can then exploit<\/a> the old firmware to infiltrate the corporate network. Unlike software on workstations, SOHO routers generally do not send notifications when the firmware is out of date, so updates have to be done manually.<\/p>\n Therefore, it\u2019s important to inventory all corporate network equipment, and at least every couple of months check the administration console to see if a new version of the router firmware has appeared. If the console has no function to check for updates, you need to do it yourself on the manufacturer\u2019s website. And if some devices are outdated and no longer supported, you should think about replacing them; vulnerabilities in such models will remain unpatched forever.<\/p>\n A dismissed employee can cause all kinds of trouble if their accounts and access to the corporate network are not closed in time. Cyberrevenge against former employers<\/a> is real. To avoid a similar situation, make it a rule to revoke all access rights immediately after dismissal.<\/p>\n In addition, regularly audit all accounts and their permissions. It can happen that a person remains in the company but moves, say, to another department, where they no longer need some access rights but no one remembered to revoke them. Any unnecessary privileges can prove costly in the event of a cyberattack.<\/p>\n Backing up your data helps protect<\/a> it from wipers<\/a>, ransomware, careless employees, and other hazards. You can back up manually, but it\u2019s better to schedule an automatic backup so as not to clutter your calendar with reminders.<\/p>\n That said, even if your company\u2019s backups are automated, you should periodically check your data storage. Are the backup programs running smoothly? Is the storage address correct, or did someone sneakily change it? Do you have enough space for all of the data? Are the storage devices acting up? Modern data storage devices use S.M.A.R.T. technology to diagnose their own problems and predict how long they will survive. The technology analyzes the status of disks and reports issues.<\/p>\n If you store backups in the cloud, check the settings periodically and buy additional space before you need it.<\/p>\n Security software on workstations and mobile devices won\u2019t let you forget about subscription renewal. But don\u2019t forget about servers. An unprotected server can cause a range of problems \u2014 from data leakage to hosting malicious resources in your infrastructure to turning your office into a cryptofarm<\/a>.\u00a0 Set a repeating reminder in your calendar to update server protection.<\/p>\n When it comes to security, the more regular and thorough the checks are, the better. To avoid serious issues:<\/p>\nUpdate router firmware<\/h2>\n
Revoke unnecessary rights<\/h2>\n
Back up<\/h2>\n
Update antivirus licenses on servers<\/h2>\n
Your company\u2019s security is in your hands<\/h2>\n