The best (IT security) things in life are “free”….

Well, maybe not “free,” but certainly effective IT security doesn’t have to break the bank. The good news is that effective security isn’t just about cutting-edge equipment and expensive software. Some of the best ways to protect your IT and data don’t require more “stuff” by way of expensive software or appliances. Many only require minimal investments in terms of time and money, and leverage a business’ people and processes.

Here are our top recommendations for building a basic, cost-effective IT security strategy…

  • Backup, backup, backup
    Natural disasters, user error and hardware failures can all bring your IT to a crashing halt – and result in data loss that could ruin your business. So it’s essential that you regularly back up all of your important data, and store copies of it multiple places, including off-site. This is rather the last line of defense, but we’re putting it first because a restore from backup is often the only path back after everything else has failed. Especially in the days of ransomware, a good backup may be the only way to recover encrypted data.
  • Can spam
    Spam is still one of the leading delivery methods for malware. At best, dealing with spam reduces productivity, and at worst, can introduce malware that can take over control of your PC – or encrypt your critical data, rendering it unreadable and sometimes unrecoverable (making the aforementioned backup all that more important). It is absolutely necessary to employ an anti-spam strategy, preferably a multi-layered one, to protect your business.
  • Practice safe e-mail
    As long as we’re on the subject of email, educate your people about never opening e-mail attachments or running executable (.exe) files from unknown sources. Every business can communicate this to staff as part of a basic e-mail security policy. “Just say no” to unknown e-mail.
  • Create strong and unique passwords
    Users should have strong passwords, at least eight characters, ideally with a combination of alphanumeric and special characters. Passwords should be changed regularly – and if a user has multiple accounts for access to different systems, sites or services, their passwords across those should be UNIQUE. In an era where data breaches of user credentials are far too common, the theft of one of your passwords could be the theft of ALL of your passwords, if you use the same password everywhere.
  • Stay up to date
    Many threats to IT take advantage of out of date technology. To be sure you have the best protection for your IT, it’s important to stay current on operating system and security software updates and patches, upgrade Internet browsers as new versions are available, and keep plug-ins like Java and Flash up to date, as well.

In addition to what we’ve shared here, most businesses should have a layered security strategy. This means deploying security at different levels of your business. To “Can Spam,” for example, a business might have a cloud-based spam filter, another filter on their business grade firewall, spam filtering on the Outlook/email program at each desktop (often as part of antivirus), an email security policy, and a user awareness program.

These don’t have to happen at all one time – you can take a step-by-step approach, focusing at first on the layers of security and specific steps that address your most immediate issues.