3 Common Mistakes Small Businesses Make
If you own a small business, there is a lot to worry about. Why let these three common IT security mistakes be part of that worry? In this post, we will be covering what you could be doing wrong and why it's an issue for your business.
1) Backups
With cybercrime and ransomware becoming a real threat for many businesses, quality backups are a must-have to keep your critical data secure. With that said, many small businesses have poor backup systems in place or completely forego implementing a backup solution altogether.
You have a weak backup system if you:
Back up your data infrequently,
Store backups on the same drive or computer you're backing up,
Have only one copy of the backed-up data,
Don't test your backups,
Have no redundancy built in,
Have infrequent or no off-site backups.
The list above is just the tip of the iceberg. In reality, there are many ways backups can be done incorrectly, and when they are, the result is unnecessary downtime or the loss of important data. To determine a quality backup policy for your business, you need to figure out:
The amount of data to be stored,
How secure your data needs to be,
The redundancy of your storage,
Your budget.
A general rule of thumb for ensuring you have a secure and effective backup solution:
Set a schedule for your backups. In most cases, biweekly at midnight is more than enough.
Test your backups regularly to ensure everything goes smoothly if you need to roll back.
Do not publicly expose your backup servers to the internet.
Incorporate an off-site backup solution to protect against data loss. There are many quality services to choose from. We can recommend Amazon S3 or Backblaze.
Encrypt your drives if you have multiple backup solutions; this will prevent unauthorized data access if your equipment gets stolen or is improperly decommissioned.
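As an added example (not part of the original post), the routine below shows what "test your backups" looks like in practice: it archives a directory, records a checksum, and immediately restores the archive into a scratch directory to prove it matches the source. It assumes a Linux host with GNU coreutils (sha256sum); the paths are placeholders chosen by the caller.

```shell
# backup_and_verify SRC_DIR DEST_DIR
# Writes DEST_DIR/backup-<timestamp>.tar.gz plus a .sha256 file, then restores
# the archive into a scratch directory and compares it with SRC_DIR.
# Prints the archive path on success; exits non-zero if the restore differs.
# Run it from cron on whatever schedule you settled on for your policy.
set -eu

backup_and_verify() {
    src="$1"
    dest="$2"
    mkdir -p "$dest"
    name="backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    archive="$dest/$name"

    # Archive relative to the parent so the restore recreates one top-level dir
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")"

    # Checksum recorded by file name so it can be checked after the copy moves
    (cd "$dest" && sha256sum "$name" > "$name.sha256")

    # Test restore: a backup you have never restored is an untested assumption
    scratch=$(mktemp -d)
    tar -xzf "$archive" -C "$scratch"
    diff -r "$src" "$scratch/$(basename "$src")" >/dev/null
    rm -rf "$scratch"

    echo "$archive"
}

# check_backup ARCHIVE
# Routine integrity check of a stored copy (run it against the off-site copy too);
# returns non-zero if the archive no longer matches its recorded checksum.
check_backup() {
    (cd "$(dirname "$1")" && sha256sum -c --quiet "$(basename "$1").sha256")
}
```

Pair this with a second copy on different hardware and an off-site copy; the checksum file lets you confirm those copies are still intact without restoring them.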
2) Network Security
Many small businesses have a network that's similar to your standard home network: a router with a network switch, wireless access point, and firewall built into one package. Don't get me wrong; they aren't inherently bad, but they lack the more advanced firewall configuration and security features you'd expect to find in a business environment. With the features you find on more advanced equipment, you can:
Segregate your networks using VLANs,
Implement firewall rules for specific LANs,
Implement IDS and IPS to monitor and protect against attacks,
Deny devices from communicating with other devices on the network,
Have better control over services exposed to the public internet.
There are so many more features you'd have access to which can be used to better secure your network.
What is an "IDS", "IPS", or "VLAN"? To put it simply, an IDS (Intrusion Detection System) examines data sent through your network to detect known cyberattacks and notifies you or an administrator about them.
An IPS (Intrusion Prevention System) is essentially the same thing as an IDS, just better. An IPS will help stop the data from known cyberattacks from being sent, as well as notifying you or an administrator of them.
A VLAN (Virtual Local Area Network) allows you to effectively separate one network into many networks while using the same backbone. It can protect your critical infrastructure, such as servers, from other devices connected to the same network by allowing you to split them into different virtual networks with different VLAN IDs.
Generally, we recommend the following:
If you're using wireless, generate a secure password and/or uniquely authenticate users.
Separate devices into different networks. For example: Separate guest devices from your workstations.
Implement a protection system like IDS/IPS to help detect known threats.
Incorporate VLANs and firewall rules to limit internal devices from accessing each other.
Disable UPnP on your router. It can expose services without your knowledge!
Don't expose services to the public.
3) Workstation Security
Company-owned workstations are the most commonly overlooked devices when it comes to implementing security measures. Sure, they have anti-virus software installed on them, but that only protects against known threats. Many small businesses overlook issues like:
Employee user accounts having more permissions than needed.
Poor user passwords.
Inadequate or no training on phishing, spoofed websites, running unknown applications, and inserting unknown USB drives.
Outdated operating systems.
Addressing the mistakes above will help mitigate more sophisticated and organized attacks.
An easy way to regulate and fix issues relating to user accounts is to deploy a centralized user account and permissions solution. Using Microsoft's Active Directory, you can deploy a basic setup within about fifteen minutes for Windows workstations. There are ways to use Active Directory with Linux, but it may become tedious and complicated relatively quickly.
If you have workstations that run on outdated operating systems, your company is at risk. Old operating systems such as Windows XP or Windows 7 no longer receive security updates from Microsoft. They are, or soon will be, susceptible to exploits that grant access to the machine. If you're unable to update your operating system due to compatibility issues, please look for an updated alternative or take active measures to isolate those machines. The following can be beneficial in securing your workstations:
Regularly create backups of your workstations.
Encrypt the drive of workstations with sensitive data on them.
Limit the use of local and domain admin accounts and only use them when they're needed to resolve an issue.
Install or enable anti-virus software. In most cases, Microsoft Defender is more than sufficient and comes standard with Windows 10.
Have employees use secure and unique passwords for all their accounts. Password managers make this easy.
Security is an important matter to keep your business and your customers safe, so don't neglect it. If you need help with any of the above subjects, feel free to reach out to us. We'd be more than glad to help you secure your business.
We will be releasing more articles going in-depth on the topics covered here shortly. Don't forget to sign up for our newsletter on our website so you won't miss them.