Top 5 Ways To Boost Business IT Security

Cybertheft, phishing and the malicious acquisition of data have come to the front of public consciousness in recent years. Criminals are now aware of how easy it can be to steal digital assets rather than physical belongings, while the rewards are often greater and the chances of being caught are less. As large organisations like retail banks become increasingly security conscious, so the thieves have found it more difficult to steal from them or their customers, instead turning their attention to smaller businesses. Unfortunately, there is plenty of low-hanging fruit there. So, below are five simple steps businesses must take to secure its digital assets.

Manage passwords

Astoundingly, despite all the expert warnings, the most commonly used password in the UK today is still ‘password’. It does not take a genius hacker to crack that. A hacker’s first approach to cracking a password is probably going to be a dictionary attack, in which every word and common phrase in the English dictionary is tried repeatedly. So ‘London’ or ‘data centre’ are not good passwords and nor is ‘London data centre’. The more character sets there are and the longer the password, the more secure it is. So ‘L0ndonDataC3ntre?’ is far more secure, for example. It’s vital business ensure all passwords are secure and changed on a regular basis.

Separate networks

Most business IT systems have two parts: external-facing (for example, the company’s website) and internal-facing (for example, the company’s accounting systems). As the name suggests, the external elements can be accessed by anyone, whereas internal processes should only be accessed by trusted employees. A second critical step is to put the two parts onto separate servers and networks with no interconnection between them. That way, if a hacker does take control of the website, there is damage limitation in place as the accounting systems will still be untouchable. Another option available is to run one set in a data centre and the other in-house or in the cloud.

Control VPN access

Most companies now allow remote access to trusted employees over VPNs. Simple access is by a username and password. Access can be made increasingly secure by adding a security step involving something only the user has, as well as something only the user knows. For example, adding a one-time password, which can only be accessed from the user’s email account on their protected mobile phone. If the hacker does not have physical access to the phone to gain the one-time password, cracking the normal password is of no use to him.

Use a data centre

While much effort goes into preventing malicious cyber-access, the simplest way to get hold of data is to physically break in and steal the servers, or just their hard drives. Many smaller companies could never justify the cost of operating 24/7 on-site security cover. The simple thing to do is to put the physical equipment, or maybe just the critical parts of it, into a secure data centre where the physical security, the power, the cooling and the connectivity are guaranteed. Data centres are good at security because it is their job to be.

Hybrid cloud solutions are also growing in popularity, with the critical or constant workload hosted in a data centre, while the less critical, variable workload is remotely hosted in a public cloud.

Get a security audit

Ethical Hacking is a phrase used to describe the work of IT and network security firms. Such a firm sits on the outside and tries to breach a company’s systems and identify vulnerabilities and weaknesses in the same way a malicious hacker would. By doing so, they allow the company to pre-empt any real hackers and to close loopholes before anyone else can identify them. Of course, such audits have to be done regularly, maybe once a year, as all IT systems are continuously updated, overhauled and refreshed. Most data centres will have a relationship with such a security firm. A security audit will repay its cost in peace of mind alone, let alone the avoidance of the disaster which can occur if hackers get into the company’s confidential finance or customer information.

As with many things in business and in life, most of this is common sense. Worryingly, that does not mean even professionals do it, though. Large organisations have the resources and focus to secure their assets using these simple steps. However, for smaller organisations with less time and resource it is still vital that business IT is fully secured, and preferably located in a secure data centre, or they will put themselves at serious risk of cybertheft.

How much do you know about online security? Take our quiz to find out!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

4 hours ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

4 hours ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

5 hours ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

5 hours ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

6 hours ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

6 hours ago