ServerBase Blog

The basics of IT security for SMEs

Norwin Metzger
Von Norwin Metzger
Friday, 25. October 2019

Is the information in my company adequately protected against theft, manipulation and loss? Which measures make sense for me as a small company to ensure good IT security? We distinguish here between technical and non-technical measures that increase IT security.

Technical measures

The primary aim of technical measures is to prevent threats from getting in touch with your data. The protective effect depends strongly on the product and never offers absolute security. For this reason, non-technical measures are also required in any case in order to further minimize the residual risk of the technical measures.

Firewall: Protect your network with a firewall. This firewall must not only be installed, but also configured correctly and provided with regular security updates. The firewall ensures that your network is shielded from the Internet and that only the data traffic that is desired is allowed. Some modern firewalls are equipped with artificial intelligence and automatically detect when, for example, an infected PC wants to communicate with the Internet and automatically block it.

Anti-Virus: If a virus reaches your PC despite a firewall, an anti-virus software blocks its execution or is able to clean an already infected system. Windows comes with Defender which provides basic anti-virus protection with very good AV-TEST rating. Third-party products have a wider range of functions and increasingly use artificial intelligence to detect and defeat malware, including ransomware.

Web filter: A web filter blocks harmful websites and prevents your employees from accessing such websites at all via links in e-mails or advertising banners. They are available either as software for the PC, plugin for the browser or centrally integrated into the firewall.

Spam/virus filter for e-mail: Prevents malicious emails from finding their way into your inbox at all. Good email providers already have such a filter built into their product by default, so you don’t have to worry about it.

Backup: Make sure you always have a working backup available to limit damage in case of data loss. Check regularly that the data recovery works. The best backup is useless if it cannot be restored at the end.

Non-technical measures

Use strong passwords: Urge your employees from using strong passwords that are difficult to guess. Use at least 8 characters, mixed with capital letters, lower case letters, numbers and special characters. They must not contain words, dates of birth or anything similar. Use a different password for each login. With the password check of the Data Protection Officer of the Canton of Zurich you can test the security of your passwords without risk.

Block all accesses of former employees: Ensure that former employees no longer have access to your data. Block all employees’ personal accounts and change passwords from central accounts. Think also of social media and cloud software.

Authorization management: Define clearly which employees can access which data and make sure your policy is correctly enforced. This protects against malicious activity by employees and reduces unintentional damage, for example by Ransomware.

Training: Sensitize your employees in dealing with your IT systems and possible dangers. This includes the use of e-mail and web browsers, but also the release of sensitive information via telephone or to external persons in your business premises. The video below (German only) sensitizes you and your employees to a better awareness of more information security in just a few minutes.

Conclusion

There’s never absolute security. But the measures mentioned help to reduce risks in the best possible way with little effort and cost. Attackers usually look for the easiest victims and so it already helps a lot to keep the protective measures above average. Every managing director should at least be familiar with IT security and suitable measures.

« Back to the Blog

ServerBase Produkt-AssistentProduct Assistant
ServerBase Product Assistant

Product Assistant

Our product assistant helps you to find the right products.

In-house IT know-how

Do you have in-house IT personnel or know-how?

Server or services

Would you like to buy entire servers or just specific services?

Availability or price

Is high availability or a low price more important to you?

Number of servers

We can only achieve high availability with virtual servers. How many VMs do you want to operate?

We found something for you!

Success

Cluster VPS

Cluster VPS are virtual servers with extremely high availability, which continue to run without interruption even if our server hardware fails.

Shared or dedicated hardware

Do your VMs need to be separated from other customers only logically (IaaS) or even physically (dedicated Private Cloud)?

We found something for you!

Success

Virtual Datacenter

Virtual Datacenter (VDC) is the flexible and completely autonomously manageable IaaS solution from ServerBase.

We found something for you!

Success

Private Cloud

Our highly available Private Cloud offers simple, web-based management with the flexibility and security of an on-premises environment.

Server type

Do you prefer dedicated bare metal servers or virtual servers?

We found something for you!

Success

Dedicated server

Rent dedicated physical server hardware that is entirely dedicated to you and completely free to manage.

We found something for you!

Success

Standard VPS

Cost-effective servers for standard applications without special requirements with SSD or HDD storage.

We found something for you!

Success

Which service are you looking for?

Full outsourcing

Would you like to outsource your complete IT and have it managed by us?

We found something for you!

Success

My Workplace 2.0

With My Workplace 2.0, you store all your data and applications in our secure Swiss data centers and access them from anywhere.

We found something for you!

Success

What would you like to outsource?