From Ryan Groom,
Your Guide to Business Security.
FREE Newsletter. Sign Up Now!

A lot of my time is spent in research. Being in the security industry I never get to sit long and think yesterday’s information is tomorrow’s solutions. So as I was thumbing through the Internet, I came across the Microsoft Small Business Security page.

This page provides a plethora of information for the small to medium business owner. Although Microsoft centric, the site does provide a varied view of many security concerns affecting business owners today.

The home page concentrates on downloading Microsoft Defender, the Microsoft Malicious Software Removal Tool and the latest Microsoft updates to help protect your environment. Most of it is quite trivial and should be part of your regular security regime anyway, but if not it is a good place to start and to glean information if you have any questions. The place you will want to take a good look is the Protect Your Business.

The page focuses on the seven steps to protect your environment. It begins with a great outline defining SPAM, Phishing and Viruses. Although fairly elementary, it is worth the read and does have a couple of good pointers for any network. Mostly it concentrates on educating your employees with tidbits such as instructing your employees to never open suspicious attachments that they do not expect, reminding them to use caution when responding to messages that ask for passwords or account information. Remind your staff that if they have doubts about the origin of the e-mail, they should contact the person who sent them the email and verify the legitimacy of the request. Although not many people embrace this, it is a good idea to get into, especially if you do not have a corporate anti spam solution. The final area alerts you to how to combat a virus mainly through the use of a good anti virus client and the importance of a good backup strategy. All good information.

From there the explains in depth the 7 steps to protecting your network.

• Protecting Your Desktops and Laptops
  This section outlines three must do’s including keeping your software up to date; protecting against viruses, and setting up a firewall.
• Keep Your Data Safe
  Data is useless if you can’t reliably restore it after a failure. This section demonstrates the steps required for a simple backup procedure including setting permissions and encryption.
• Use the Internet Safely
  Show your staff the importance of avoiding certain websites while using corporate computers. Pop-ups and animations can wreak havoc on your network. Ensure your corporation has a stringent policy outlining acceptable use for the internet and the procedures that will be used should action need to be taken in accordance with the policy.
• Protect Your Network Explain the pitfalls of Remote Access. While a fantastic and versatile tool, remote access provides a gateway into your business. Ensure it is monitored. Be cautious of password use and rogue wireless networks in your corporate environment. Don’t forget to discuss RA with any employee who connects to your network from a home based PC.
• Protect Your Servers Everything is stored on your servers. Consider adopting a layered approach to security to protect all facets of your back bone infrastructure. Adopt policies that work within your business model and ensure they are followed from top management down.
• Secure Your Line of Business Applications Security doesn’t stop at 5 o’clock. Any business critical application will need to have certain steps taken to ensure it can continue to be available even under adverse conditions. Hackers, meteorological events, terrorism and natural events such as flooding must be considered. Losing a critical application can stall the life blood of an organization.
• Manage Desktops and Laptops from the Server Centralised administration is a safe economical way to manage many desktops. Locking down computers in a standardize method allows users to complete their tasks and administrators to exercise control over the computers.

If all of this seems like too much to read (each of the above mentioned topics expands to its own page on the website), you can watch a video outlining the aforementioned steps. Lastly, don’t forget to download the Security Guide from Microsoft in PDF format.

The final phases of the website provide some bonus material for you to attempt managing the security of your own network. It breaks the tasks up between ones you can accomplish yourself and ones that depending on the skill set of your staff may have to hire someone to do for you. Either way it is good to have a checklist in place and if Microsoft has done the legwork for you, even better.

So in closing, remember that security is ever changing and many organizations especially small ones tend to overlook basic security in exchange for flexibility and convenience. Following the steps outlined in this guide will give a great start for any small business regardless of IT budget.