It is important for business owners to be clued in about their technology.
Business owners are responsible for managing all aspects of their business. From sales to procurement to delivery and staffing, everything needs to be in sync for the business to succeed. However, when it comes to technology, business owners fall into two camps – they are either afraid of it because it is too foreign to them or they think they know everything there is to know about technology and don’t need help. Both points of view are dangerous and could lead to problems.
Now, more than ever, external (and sometimes internal) agents are working to get to your firm’s data, to compromise information or to deceive you all with one goal in mind – making money. These agents do not care how they make the money, just that they make it. To protect yourself and your business you need to know the basics. These should either be researched by you, the owner, or requested from your IT company.
So what are some of those basics?
Do you have a business grade firewall? Usually these will cost more than $1,000 and they can be programmed to do things like separate your wireless network from your internal network at the office, block IP’s from specific countries and block specific categories of web sites. Having the firewall is one thing, but you also need to be sure it is programmed correctly to provide at least some level of protection to your business. Most people have a fully open Internet connection and that may be okay, but you should be aware that these capabilities are there and take advantage of them If you feel they will be of benefit to the business.
What should I know?
- Do I have a business grade firewall?
- Is my firewall doing any screening for me?
- Is my wireless network connected to my internal network?
Do you have an adequate backup system? Many would respond yes right away, but let’s delve into that a bit more. What should an adequate backup system have the ability to do in order to completely protect the business?
- Support on site backup to a destination that is not directly visible from the network using standard Windows File Explorer.
- Support off site backup to a location at least 30km from the office location.
- Have the ability to backup not only files, but Exchange databases, SQL databases and all the content of your servers.
- Have the ability to restore single files, folders, mailboxes or individual email messages.
- Have the ability to restore a complete server in the event of a Crypto style virus.
- Have the ability to restore your firm’s systems in the event that the server room is irreparably damaged.
- Is the backup system monitored for errors?
- Are restore tests done on a regular basis to ensure that data can be recovered?
The next thing to think about is if I get hit at my most vulnerable time, how long can I wait for the system to come back up? Timing may differ between email and files for example. You may be able to live without files for a day but you may need email up within 4 hours. Does your backup system support these objectives – because that’s what’s needed to ensure that your business keeps running.
The frequency of backup should be known. Gone are the days of backing up once a day. You need to be backing up every few hours to ensure that you don’t lose too much data if you experience an event that requires recovery.
What should I know?
- Is your backup isolated from the rest of the system – both on and off site?
- Do you have offsite backup at least 30km away from the office?
- Do you know what is important to recover first in the event of a disaster?
- Can you granularly recover your email if need be?
- How fast can you recovery your system in the event of a complete failure?
The best way to find this out is to request a test of the backup and recovery system now in use. The test will reveal where there are issues and allow you to fix them before you really need them.
Are you using a free antivirus system? If so, you are getting exactly what you paid for. Use a reputable antivirus system, one that is not based on definitions but instead on heuristics. Things are changing too fast nowadays to relay on regular definition updates. You need a Cloud sourced antivirus system that is continually scanning endpoints around the world and reporting back to “head office”. Head office then lets all systems know of any threats quickly.
What should I know?
- Is your antivirus system paid for or free?
- Is it managed from a single console that lets you discover if there is an issue from one location?
- Is your antivirus system definition based or heuristics based?
- When does the antivirus system expire?
Domain and SSL Certificates
Your domain is the cornerstone of your business. It should be protected at all costs. SSL certificates are tied to your domain and provide a secure connection for remote access and for your email, as examples. If SSL certificates are not being used you will typically type in http:// rather than https:// when accessing your email remotely or your remote access services remotely.
Trolls look for expiring SSL certificates and domains and try to get you to renew over the phone or by mail prior to the renewal date. These are not usually legitimate and they are trying to either steal your domain or move your domain (or SSL) to their company. Always renew by logging onto your domain’s registrar and renewing online from their portal. Type the URL in yourself, don’t use a link in an email.
What should I know?
- When does my domain expire?
- Is it protected from automatic transfers?
- When do my SSL certificates expire?
- Am I using SSL certificates for those areas of communication where my data should be protected?
- What is the name of my registrar?
These are just four of the areas of metrics that a business owner should be aware of relating to their technology. Digest these and we will provide you with more in the future!
Charles Bennett is the Principal Consultant of Triella, a technology consulting company specializing in providing technology assessments, consulting, maintenance services and CIO-related services to small and medium sized firms. Charles can be reached at email@example.com or 647.426.1004 x 222. For additional articles, please visit https://www.triella.com/whats-new/. Triella is an Authorized Worldox Reseller.
© 2018 by Triella Corp. All rights reserved. Reproduction with credit is permitted.