The 7 Most Critical IT Security Protections

Page 1

THE 7 MOST CRITICAL IT SECURITY PROTECTIONS Is Your Business Protected From Cybercrime, Data Breaches, and Hacker Attacks?

Cybercrime is so widespread that it’s practically inevitable that your business – large or small – will be attacked. Fortunately, a few small preventative measures can help prepare you and minimize (or outright eliminate) any reputational damages, losses, litigation, embarrassment, and costs.

IS YOUR BUSINESS A SITTING DUCK FOR CYBER CRIMINALS? Small and mid-sized businesses are under attack. Right now, extremely dangerous and well-funded cybercrime rings are using sophisticated software systems to hack into thousands of small businesses like yours to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their government to attack American businesses.

“Not My Company…Not My People…” You Say? Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot? Think again. Seven hundred fifty million new malware threats were released in 2017, and that number is growing. Half of the cyber-attacks occurring are aimed at small businesses; you don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines, and out of sheer embarrassment. Smaller businesses are low-hanging fruit for cybercriminals because these businesses do not have the security defenses in place to prevent hackers from their malicious activities. Make no mistake: small businesses are compromised daily, and the mentality of “that won’t happen to me” is a surefire way to leave yourself wide open to these attacks. The National Cyber Security Alliance reports that businesses have vital information to protect: 69% handle sensitive information, including customer data; 49% have financial records and reports; 23% have their intellectual property, and 18% handle intellectual property belonging to others outside of the company. You can’t turn on the TV or read a newspaper without learning about the latest online data breach, and government fines and regulatory agencies are growing in number and severity. Because of this, it is critical that you have, at the very least, the following seven basic security measures in place.


Train Employees on Security Best Practices The #1 security threat to any business is you and your employees. Almost all security breaches in business are due to you or an employee clicking, downloading, or opening a file that’s infected. Either on a website or in an email through a phishing attack, once a hacker gains entry, they use that person’s email and access to infect all the other PCs on the network. If they don’t know how to spot infected emails or online scams, they could compromise your entire network.

ASG Information Technologies

9 South Cherry Street, Wallingford, CT, 0649


Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial

Create an Acceptable Use Policy (AUP) – and Enforce It

information, and the like, you may not be

An AUP outlines how employees are

but that doesn’t mean an employee

permitted to use company-owned PCs,

might not innocently “take work home.”

devices, software, Internet access, and

If it’s a company-owned device, you need

email. We strongly recommend putting

to detail what an employee can or cannot

a policy in place that limits the websites

do with that device, including “rooting”

employees can access with work devices

or “jailbreaking” the device to circumvent

and Internet connectivity. Further, you

security mechanisms you put in place.

have to enforce your policy with contentfiltering software and firewalls. We can easily set up permissions and rules that will regulate what websites your employees’ access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others. Having this type of policy is particularly essential if your employees are using their personal devices to access company email and data.

legally permitted to allow employees to access it on devices that are not secured;


Require STRONG Passwords and Passcodes to Lock Mobile Devices. Passwords should be at least eight characters and contain lowercase and uppercase letters, symbols, and at least one number. On a cell phone,

If that employee is checking unregulated personal emails on their laptop that infects that laptop, it can be a gateway for a hacker to enter YOUR network. If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts – to ensure YOUR clients’ information isn’t compromised?

requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. Again, this can be ENFORCED by your network administrator, so employees don’t get lazy and choose easy-to-guess passwords. Do not get lazy and put your passwords on a sticky note next to your computer. Doing so can put your organization at risk.


~ Mark Twain

ASG Information Technologies

9 South Cherry Street, Wallingford, CT, 0649



Keep Your Network Up-To-Date. New vulnerabilities are frequently found

Don’t Allow Employees To Download Unauthorized Software or Files.

in standard software programs you

One of the fastest ways cybercriminals

are using, such as Microsoft products; therefore, it’s critical you patch and update your systems regularly. If you’re under a managed IT plan, this can all be automated for you, so you don’t have to worry about missing an important update. Make sure you follow your IT providers plan for patching your computer and laptops.


access networks is by duping unsuspecting users to willfully download malicious software by embedding it within downloadable files, games, or other “innocent”-looking apps. This can largely be prevented with proper firewalls and security settings, as well as employee training and monitoring.


Have an Excellent Backup.

Don’t Scrimp on a Firewall.

Having a backup can foil the most

A firewall acts as the frontline defense

aggressive (and new) ransomware attacks

against hackers blocking everything you

where a hacker locks up your files and

haven’t explicitly allowed to enter (or

holds them ransom until you pay a fee. If

leave) your computer network. But all

your files are backed up, you don’t have

firewalls are not the same. Make sure

to pay a crook to get them back. A good

your business-class firewall will include

backup will also protect you against an

monitoring and maintenance, just like all

employee accidentally (or intentionally!)

devices on your network. Your IT person

deleting or overwriting files, natural

or company should do this as part of

disasters, fire, water damage, hardware

their routine maintenance.

failures, and a host of other data-erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!

ASG Information Technologies

9 South Cherry Street, Wallingford, CT, 0649

NEED HELP IMPLEMENTING THESE 7 ESSENTIALS? If you are concerned about employees and the dangers of cybercriminals gaining access to your network, then give us a call and we can help implement a managed security plan for your business.

To get started we are offering a free, no obligation IT Network Security & Backup Assessment of your company’s overall network health to review security holes and risks that may be lurking on your computer network. We’ll also look for common places where security and backups get over-looked, such as mobile devices, laptops, tablets and remote PCs.

AT THE END OF THIS FREE AUDIT, YOU’LL KNOW: DZ Is your network really and truly

DZ Are you accidentally or intentionally

secured against the most devious

violating laws and regulations such

cybercriminals? And if not, what do you

as the Gramm-Leach-Biley Act, FINRA,

need to do (at a minimum) to protect

or PCI, HIPAA or other data-privacy

yourself now?

laws? New laws are being put in place

DZ Is your data backup TRULY backing up ALL the important files and data you would never want to lose? We’ll also reveal how long it would take to restore your files (most people are

frequently and it’s easy to violate one without even being aware; however, you’d still have to suffer the bad PR and fines. DZ Is your firewall and antivirus

shocked to learn it will take much

configured properly and up-to-date?

longer than they anticipated).

Do you have someone watching over

DZ Are your employees freely using the Internet to access gambling sites and porn, to look for other jobs and waste

them daily to make sure they are working properly? DZ Are your employees storing

time shopping, or to check personal

confidential and important information

e-mail and social media sites? You

on unprotected cloud apps like

know some of this is going on right

Dropbox that are OUTSIDE of your

now, but do you know to what extent?

backup? These types of backups are not recommended.

ASG Information Technologies

9 South Cherry Street, Wallingford, CT, 0649

I know it’s natural to want to think, “We’re all set.” Yet I can practically guarantee my team will find one or more ways your business is at serious risk – I see it all too often in the businesses we’ve worked with over the years. Even if you have a trusted IT person or company who put your current network in place, it never hurts to get a 3rd party to validate nothing has been overlooked. I have no one to protect and no reason to conceal or gloss over anything we find. If you want the straight truth, I’ll report it to you.

You Are Under No Obligation To Do Or Buy Anything I also want to be very clear that there are no expectations on our part for you to do or buy anything when you take us up on our IT Network Security Assessment and Backup Assessment. I will give you my guarantee that you won’t have to deal with a pushy, arrogant salesperson because I don’t appreciate heavy sales pressure any more than you do. Whether or not we’re the right fit for your company remains to be seen. If we are, we’ll welcome the opportunity. But if not, we’re still more than happy to give this free service to you. You’ve spent a lifetime working hard to get where you are. You earned every penny and every client. Why risk losing it all? Get the facts and be sure your business, your reputation, and your data are protected. Call us at 203-440-4413, or you can email me at

Dedicated to serving you, Robert Mitchell, President & CEO

ASG Information Technologies

9 South Cherry Street, Wallingford, CT, 0649