A recent survey of businesses reported that, 92% of firms with more than 250 employees, and 83% of smaller firms (up to 25 employees), said they had an I.T. related security incident of some sort in the last year. That seems a very high figure but its not all that surprising when you consider that most people still don’t take computer security nearly seriously enough!
I am sure that a lot of the firms in the statistics above will have had some basic protection in place and a proportion of the incidents may well have been relatively minor, but a general lack of knowledge and a false belief that “they won’t be interested in my data” leads companies to neglect the security of their networks and allows others to take advantage of the fact.
We would recommend that regular reviews of network security are undertaken and whilst the full on security audits are perhaps a bit much for a small company, and lets be honest penetration testing sounds painful 
and social engineering is a bit of an overkill when there are only 30 of you in the company to start with! But there are things that you can do to improve the security, look back at previous posts about stronger passwords and there was the one about preventing your systems from being used by spammers other things that you should think about are what you allow your users to do on the network.
Do the users on your network need to be able to install software on their PCs? if not then why not consider taking away the local admin rights? This will stop them from installing software that could potentially cause problems later such as peer to peer file sharing, “free software” that comes with a load of viruses and can prevent quite a few user induced problems.
Are all the users on the network set up with the right level off access? Too few rights and they wont be able to work and too many and they will be able to see things that they shouldn’t and make changes that could affect your whole network. If there are users on your network with full domain admin rights then this is probably a bad idea. Even the network administrator should have a standard logon for the day to day stuff and just use an admin account to log on to make system changes.
Setting up effective user groups can help with this in the long term, that way you can assign rights to the group such as sales, admin, management etc. and add individual users to the groups so that they have exactly the rights that they need depending on what role they are performing making future management much easier.
Are your firewalls set up correctly so that they only allow the traffic, both in and out, that you want to allow and prevent all other traffic? As they come out of the box they are quite open and need to be configured to get the best out of them so its worth checking the rules are all set correctly, we can help with that if you need help call us on 0161 941 4555.
There are lots of quite simple checks and modifications that can be made to a network to reduce the risk of becoming a victim of a security breach, so do take some advice on how to protect yourself before its too late. you could do worse than give us a ring and have a chat.
Tags: antivirus, computer security, data security, data theft, employee steals data, firewall, malware, network security, passwords, PC performance, Security, spam, virus