
First, Limit Your Exposure
The most important thing to learn about cyber security when running a small business is to limit your exposure. This is analogous to locking the front door of your business after hours, setting your alarm system, and not leaving your keys in the truck. It also implies that you keep backups of key files and sensitive information, just as you photocopy papers for your accountant or local government. If you consider all of the physical things you do to protect your business, you will realize that there are electronic equivalents for almost all of them that can be incorporated into your business on a daily basis with minimal to no impact. Consider these examples:
- Locking your doors. This is equivalent to having passwords on all accounts and a different password for each system, so that one stolen password does not open everything. You do not want the front door key of your business to also open your safe!
- Having different alarm codes per person. If you are using the same alarm code for all employees, consider assigning a unique one per person. This allows you to track who is entering the code and is equivalent to having unique usernames and passwords per employee to access resources.
- Can anyone write a check from your business? The simple answer should be no. So why would you allow every employee administrative access to your information technology assets? If you do, any one of them can make arbitrary changes to your computing environment and potentially to any system, even the ones that write checks.
- Do you send your cars and trucks in for maintenance? If your business has a fleet of vehicles, you probably do. Even the worst taxi cab needs new tires and an oil change from time to time. So why not perform maintenance on your computers? This means letting the operating system and your applications (Windows, Adobe, Oracle, etc.) install security updates automatically, so that known vulnerabilities do not become a liability like bald tires.
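The checklist above is easy to state and easy to drift away from. The following script is an added example, not code from the original article or from BeyondTrust: it applies three of the checks (one master key, named administrators only, no shared logins) to Unix-style account data. The /etc/passwd and /etc/group text it inspects is constructed and embedded inline rather than read from a live system, and the set of administrative group names and the list of "generic" account names are assumptions chosen for illustration.

```python
"""
Least-privilege audit for the "limit your exposure" checklist.

Added example, not from the original article. Parses constructed
/etc/passwd and /etc/group text (embedded below, not read from a live
system) and reports:
  * accounts with UID 0 other than root (a second master key),
  * every explicit member of an administrative group,
  * generic account names that suggest a shared login rather than one
    named account per person.
ADMIN_GROUPS and GENERIC_NAMES are assumptions for illustration.
"""

ADMIN_GROUPS = {"sudo", "wheel", "admin"}  # assumption: common admin groups
GENERIC_NAMES = {"admin", "office", "frontdesk", "shared", "user", "guest"}  # assumption

# Constructed sample data: one duplicate root, one shared "office" login
# that also holds sudo rights.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example:/home/bob:/bin/bash
office:x:1002:1002:Front office shared:/home/office:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,office
wheel:x:10:bob
staff:x:50:alice,bob,office
"""


def parse_passwd(text):
    """Return {username: uid} from passwd-format text (7 colon-separated fields)."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        users[fields[0]] = int(fields[2])
    return users


def parse_group(text):
    """Return {groupname: set(members)} from group-format text (4 fields)."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            raise ValueError(f"malformed group line: {line!r}")
        groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups


def audit(passwd_text, group_text):
    """Run the checks and return findings as sorted lists of account names."""
    users = parse_passwd(passwd_text)
    groups = parse_group(group_text)

    # 1. Any UID-0 account other than root is a duplicate master key.
    extra_uid0 = sorted(u for u, uid in users.items() if uid == 0 and u != "root")

    # 2. Everyone holding administrative rights via explicit supplementary
    #    group membership (primary groups are ignored to keep the example short).
    admins = sorted(
        {m for g, members in groups.items() if g in ADMIN_GROUPS for m in members}
    )

    # 3. Generic names point to a shared login with no per-person accountability.
    shared = sorted(u for u in users if u.lower() in GENERIC_NAMES)

    # Worst case: a shared login that is also an administrator.
    shared_admins = sorted(set(shared) & set(admins))

    return {
        "extra_uid0": extra_uid0,
        "admins": admins,
        "shared_accounts": shared,
        "shared_admins": shared_admins,
    }


if __name__ == "__main__":
    for check, names in audit(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{check}: {', '.join(names) or '(none)'}")
```

On the sample data the script flags `toor` as a second UID-0 account, lists `alice`, `bob` and `office` as administrators, and singles out `office` as a shared login that also holds sudo rights, exactly the "one alarm code for everyone, and it opens the safe" situation the checklist warns against. To run it against a real machine, replace the two constants with the contents of `/etc/passwd` and `/etc/group` and review the group names for your distribution.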
Recommendations
So, what kind of technology can help your small business rein in these security problems? BeyondTrust has a few best-of-breed solutions that can help at an affordable price point:

1) Scan your systems for vulnerabilities or missing patches with Retina Network Security Scanner. This solution provides small and medium-sized businesses an efficient vulnerability assessment solution that can identify missing security patches and vulnerabilities on your systems. It has a built-in reporting solution that recommends how to fix discovered vulnerabilities and provides guidance on any network-enabled device, wired or wireless. It provides the maintenance your computing devices need to make sure they operate with the best security posture.

2) Scan your public-facing Internet sites for flaws and weaknesses with BeyondSaaS. BeyondTrust provides cloud-based vulnerability assessment, based on Retina, to assess all your public-facing Internet assets for vulnerabilities and web application flaws. This service can target any device on the Internet your small or medium-sized business owns and provides prescriptive guidance on how to fix any flaws that might otherwise be exploited from the Internet.

3) Remove the “keys to the kingdom” from your employees with PowerBroker for Windows. Removing administrator rights from your computers might leave some applications unusable or users unable to perform critical tasks. PowerBroker for Windows allows users to execute applications with administrative permissions without ever being given the administrator password. In addition, it can do the same for operating system functions like adding printers or changing the clock. It helps protect assets by securing administrative rights and making sure users do not have “the keys to the kingdom.”

4) Store your secret passwords with PowerBroker Password Safe. Storing passwords and rotating them on a regular basis is a daunting task for small and medium-sized businesses. Remembering the new password, all the places it is used, and informing staff is a proverbial pain. PowerBroker Password Safe can perform all these tasks and more to ensure that passwords, and their use, are properly maintained.

5) Remove access to business-critical systems, like payment processing or accounting, with PowerBroker Sudo. If your small or medium-sized business uses Unix or Linux, how do you manage root, sudo, and privileged accounts across all systems? Just like PowerBroker for Windows, PowerBroker Sudo can help manage administrative rights on non-Windows systems. In addition, as your business grows, migration to its big brother, PowerBroker for Unix & Linux, can completely remove administrative rights and delegate only the specific tasks needed for any system and application.

Managing cyber security in your small business does not need to be a big problem. All you need to do is think about how you manage security today and translate the topics from your daily practices to the electronic world. Once you do, BeyondTrust has solutions that can make the transition easy, affordable, and painless. For more information on how we can help your small business, contact us today. In the meantime, download our free privileged account scanning tool, Privilege DART. It will quickly scan your network and tell you where you may have some weaknesses. Try it!
Morey J. Haber, Chief Security Officer, BeyondTrust
Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four books: Privileged Attack Vectors, Asset Attack Vectors, Identity Attack Vectors, and Cloud Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as part of the eEye Digital Security acquisition; at eEye he had served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.