Today we cover how you can improve your business IT safety features and security protocols. We look at what a business and/or personal user of technology needs to consider to ensure they are protected from the unwanted and uninvited world of hackers. Hackers who could ruin your business in an instant or deprive you of your personal life.
So by working through the sub-topics below you should arrive at some level of assurance that your business or personal IT lives are sufficiently protected. In essence, giving you that same comfort of a well-deserved restful sleep, like what you would expect from a CLOUD-9 mattress.
conduct regular business assessments of your information technology structure.
Whether you have your own IT Department or make use of a third-party service provider, it is vital that the business conduct regular assessments of the current IT infrastructure to determine whether the business has a healthy IT environment. This assessment should include the following:
- What business services are dependent on IT Support in delivering services to your customers?
- What is the impact when a given service is unavailable?
- What weaknesses currently exist in the way you deliver service to your customers using IT support?
- What risks are faced in delivering these services?
- Are there any external threats that need to be considered?
- Is there a need to reduce risk or exposure?
- How many end-point workstations are operational?
- How are workstations accessed? What security protocols and policies are adopted in governing these accesses?
- How are workstations connected to each other?
- How is data stored and how regularly is data updated or backed up?
acquire the services of professional Cloud Solution Providers (“CSP”) and forge a strong business relationship.
It is important for businesses to adopt cloud-based applications and for some businesses this may require some restructuring in the business IT infrastructure. Contracting with a reputable CSP is imperative. A CSP must be equipped with state-of-the-art monitoring software and preventative programs that suit your business environment – this is a given.
Critically, and I would offer, more importantly, the relationship between the business and the CSP must be established on a basis of partnership; not as a standard customer-supplier relationship. Operating as a partner will strengthen collaboration ensuring the wellbeing of your business, far beyond the value derived from the fees they earn.
Improve collaboration by establishing a Service Level Agreement, remain in regular communication, hold monthly meetings and document these by way of reporting. This will ensure that you as the business are updated regularly on recent developments, threats, and improved services. Let’s be honest with ourselves… we do tend to overlook those important news releases or email updates from time to time. Personal interactions, in-person or online, provide a better environment for communication, as it allows you to ask questions and debate relevant topics and areas of concerns.
Ultimately, the more you know the better your chances of identifying possible areas of high risk. Knowledge is a key enabler, which ensures you can approach your CSP to implement preventative measures instead of having to react with crisis control measures.
switch to cloud-based applications and “dump” the legacy applications.
As mentioned before the use of cloud-based applications is of vital importance. Legacy systems require software and applications to be housed on local servers which increases the risk of unwanted “visitors”. Cloud-based applications offer additional benefits, including having your data and files stored on Third-Party Data Centres. In this instance, the responsibility of maintaining those Third-Party Data Centres lies with the application provider themselves. This must not be regarded as a complete fail-safe as any breaches at the Third-Party Data Centres could still expose you to “disaster”.
Some efforts and precautions must be taken to store and backup on various platforms, such as OneDrive or SharePoint. Having data stored on multiple platforms will ensure diversification and reduce the amount of risk. As the saying goes “don’t put all your eggs in one basket”. Some cloud-based application providers do provide additional protection and security procedures. However, they normally incur additional costs so you will need to decide whether the costs justify the potential risk involved. This is especially critical when reputation risk can sink your business. A good example: in the case of compliance requirements imposed by the FSCA and with the latest adoption of the POPIA.
incorporate a continuous information technology reporting culture.
It is easy to relate to the fact that once a company uses a CSP and makes use of a cloud-based application, they assume that the necessary security protocols and procedures are in place and that “nothing” can go wrong – This is certainly not the case. Having this mindset will cause the business to become negligent in reporting on features such as network health, potential threats, network breach attempts, end-point workstation compliance with business security protocols, end-point workstations that are not up to date with the latest updates and upgrades and much more.
How many businesses operate procedures that perform constant monitoring and reporting on their IT structure? How many businesses become complacent over time because no major incidents have been experienced or reported?
To put this into perspective – A quick search on Google provided a recent report, released in January 2021. This report indicated that for 2020: 1001 million data breaches and 164.68 million records were exposed in the United States alone. The cherry on the top and according to Cybint: 95% of cybersecurity breaches are caused by human error.
So, I end off by saying…
Staying vigilant and updated is of utmost importance in fighting against the danger that lurks around every corner within the cyber realm.
At wauko, these are the principles that we pursue with all our CSP’s and would welcome any comments or suggestions from your journey towards a “CLOUD-9 Mattress” IT experience.