The following best practices, tips, and recommendations can help your SMB achieve better security without wrecking your budget.
1. PCs and notebooks should be hardwired into the network whenever possible which will give better performance, reliability and security.
2. Servers, including virtual machines (VMs), desktops, notebooks and mobile devices should have appropriate endpoint protection software with anti-crypto-virus features.
3. A firewall is needed to protect the network from unauthorized access from bad actors coming through the internet. Ideally this firewall will be from a different vendor than the endpoint protection vendor as this will have the effect of reinforcing the strengths of each as well as covering the weaknesses of each.
4. Wireless access points (WAPs) should have endpoint protection software to prevent unprotected wireless-connected devices from infecting other local devices.
5. Security subscriptions for firewall and endpoint protection should be kept current.
6. A data backup and recovery test should be done at least annually on all servers. This typically involves taking a recent off-site backup and attempting a recovery of each server and VM to non-production or rented server hardware.
7. For larger networks with multiple servers, a Security Assessment or Penetration Test should be run at least annually. This involves using commonly available hacker tools to probe an organizations’ internet-facing IP numbers.
8. Regarding Passwords:
A. Passwords should have a minimum of 10 alphanumeric characters with at least 3 of the 4 character types (upper case, Lower case, Symbols, and numbers)
B. Passwords should be unique for each application / service
C. Passwords should not include dictionary words
D. Do not use the default passwords that come from your vendor
9. Operating systems for both servers and endpoints (PCs, etc.) should be set to “auto-update” unless there is a specific reason not to.
10. Microsoft Office applications should also be set to auto-update.
11. PCs and server storage systems should use an encryption product such as Bitlocker.
12. Maintain a change log so that service providers are all on the same page when they work on your systems.
13. A server-grade power backup system should be used for all servers
14. A PC-grade power backup system or surge protector should be used on each PC/Endpoint.