When we talk about data security for small businesses, many people may look at it as a back-burner topic. The fact is, the security of your small business data is crucial to your business success.
Today, let’s discuss some ways that you can ensure your data is secure.
Firewall configurations
It’s important for firewall configurations to be regularly reviewed and independently audited to ensure that only the absolutely necessary configuration is active.
We commonly see remote management services exposed to the public internet rather than being correctly filtered to only permit access from ‘trusted’ networks such as the LAN or VPN.
Network segregation
Along with checking the firewall configuration, it is important to check that segregation is working effectively across all network egress and ingress points. Businesses should check for network anomalies arising from the segregation between servers and clients.
Username enumeration and strong passwords
Some of the common findings on the Internal Penetration Tests we perform include file shares without appropriate permissions and the ability to enumerate usernames due to incorrectly configured Windows domain services. These flaws, often lead to privileges being gained on the network.
Organizations need to ensure that all users set strong passwords that go beyond simply meeting the current password complexity criteria.
We regularly see organizations which have best-practice password policies, but still have users employing weak passwords such as ‘Password01,’ just to meet the policy.
Organizations must encourage users to take the time to set a suitable complex password, then test them regularly to ensure that they are appropriately strong.
Be careful with admin privileges
One common mis-configuration is assigning excessive privileges to users and network service accounts. Doing so, potentially results in admin authentication tokens and Domain Admin credentials being present on all computers where these services are used.
If a single domain member is compromised where one of these accounts has been used, it’s often easy to escalate privileges to that of Domain Administrator.
Conclusion
Your data security is vital to your business success. If you’re unsure of your risk or exposure that your business has, contact a manged services company like Alliance IT today.