IT Essentials For Your New Business

IT Essentials For Your New Business

Ready. Set. Go.

Here are some essentials that will keep you in compliance with some industry best-practices.  

Do not use any end-of-life products.  

While you may be tempted to reuse that old laptop, it may be running an obsolete version of the operating system.  This means that updates are no longer being made available for the version on the laptop.  Using a system that can’t be updated is a non-starter in 2022 as it leaves you vulnerable to many security issues that do not have a fix.  The same applies for other devices, such as, network devices and printers.  

Deploy a business-grade firewall  

Many businesses obtain an Internet service and use the default equipment that was provided by the Internet provider. Regardless of whether you work from home or have just opened a restaurant, a higher level of security awareness is required to ensure that you minimize the risks associated with networked Internet connectivity.  We are recommending a class of firewalls that are above the consumer grade firewalls that you can purchase at your local electronics superstore.  A business grade firewall will ensure that your Internet traffic activity is logged, reports can be generated, firewall rules can be updated, etc.  As an example, your restaurant Point-Of-Sale (POS) system and credit card processing devices should be behind a firewall. Otherwise, you are operating your business with unneeded risk.

Run threat detection and prevention software on all computer systems

Most people will associate this item with antivirus software.  Yes, that is a part of it, but there is more to it. Today, the threats are not so much related to a computer virus.  The threats are more related to you succumbing to a phishing attempt that may invoke a malware attack that may ultimately result in you becoming a victim of a ransomware attack.  At the core, a managed detection and response agent (MDR) should operate on all computers used to conduct business.  Each MDR agent can use real-time network traffic signatures to detect incoming threats and will normally report all alerts up to a centralized, cloud-based event dashboard.  A MDR cloud-based solution allows you to see the organizational events in one location.  Additionally, a managed security services provider (MSSP), like Mende Cybernetics, can watch the alerts for your organization and notify you when a serious event occurs on any of your computer systems.

Attend annual security awareness training

Simply put, it is essential for each person in your organization to become accountable to know the most common threats that are posed on the Internet and what company cultural processes are required to mitigate those threats (risk).  If at all possible, include security awareness training as part of the new employee on-boarding process.  After completing the training, a certificate of completion should be given to each attendee and the importance of the training should be championed from the top of the organization.  

Conduct quarterly vulnerability scans

Now that you are up an running, you should plan to have all network connected systems scanned for network vulnerabilities on a quarterly basis, at a minimum.  If you deal more with financial or patient data, monthly vulnerability scans may be required.  A vulnerability scan will identify the existing, known risk in your environment.  Once you know the risk and the risk levels, action can be taken to eliminate or mitigate the risk.  Risk mitigation is normally prioritized for critical and high vulnerabilities.  Once you address the higher-risk vulnerabilities, you can then consider mitigating or accepting the lower risk vulnerabilities.  Conducting a vulnerability scan is analogous to having a network security health check. 

Think about business continuity 

If a natural disaster occurs and destroys your business property, what will happen to your business?  Will you be able to recover?  Do you have all of your critical data securely stored somewhere offsite?  All critical business items should be securely backed up and recoverable when needed.  All vendor and customer information should be fully recoverable from a known point in the business.  We call this a recovery point objective (RPO).  In most cases, you would want the RPO to be the close of business for the previous day.  A business continuity plan will address these items to help ensure that you are prepared when a disaster strikes.  

These are some essentials that will ensure that you remain proactive and vigilant.  

Contact us today on how we can help you with any of the items listed above.