Business Security Foundations

These are the services that I believe are the essential measures for any business to protect itself from cyber-attack. That's regardless of business sector, or sensitivity to security considerations.

I am by no means a cybersecurity expert. I am an IT generalist, and I've spent a lot of time researching and thinking about what are the foundational measures that small businesses and nonprofits can put in place to protect the organization's data from theft, loss, or ransomware attacks.

Consider hiring me to help implement or update any of the following things for your business.

Endpoint Protection and Patch Management

Operating systems and software need to be updated regularly to patch security vulnerabilities as they are discovered. Many OS and software have automatic updating of some kind, but if you are managing computers for a small office with staff, or especially remote workers, you need a centralized management system to identify out of date systems and bring them up to date promptly.

Staff Education -- Cybersecurity Basics

Everyone comes in to work with a completely different background regarding their comfortability using computers. Educating staff about their role in cyber-security is one of the best measures you can take to get everyone on the same page and prevent security breaches.

Workstation File Backup

Make sure that those key computers are backed up. Not every computer needs to be backed up, but you want to make the conscious decision about what computers you need to back up. You can back up files to a local hard drive, or offsite using a cloud-based backup service.

Google Workspace / Office 365 Backup

Did you know that your files in the cloud are NOT backed up by the cloud provider? That leaves them vulnerable to accidental deletion, and malicious actions like ransomware attacks. Every organization should have their key business data backed up, and that includes in the cloud. Google Workspace Backup from Zeke Cato Enterprise

Password Management

Every web account should have a unique, strong, and randomly generated password protecting it. It's hard for many people to keep track of on their own; when those passwords also need to be shared with a group, and as people come and go, or passwords change, how do you communicate that with the people who need to know?

I've seen people do it a number of different ways successfully, but I highly recommend the use of a password manager. The password manager takes the burden off of you when it comes to creating secure passwords and retrieving them when you need them. A good password manager will also have features for securely sharing secrets with others. No more unsecure emails or text messages with your social security number or other private information in them.

2 Factor Authentication or Multi Factor Authentication

Should you be using 2 factor authentication? Yes, whenever possible. That could be an authenticator app, or a physical security key. And always have a plan for storing your recovery codes in case your 2 factor device fails.