When it comes to targets for hackers, file servers are often the “golden ticket.” Gaining access to the server where a business stores all of its most important files often means that hackers can steal everything from customer databases to intellectual property.
As a small-business owner, you might be thinking, “But we don’t have any file servers. We’re safe.” That’s not necessarily true, though. Do you have an old desktop computer that’s only being used to store files that need to be accessed by multiple people? If you do, in a sense you have a file server. In fact, some experts guess that while many small businesses do not have file servers in the traditional sense — that is, servers that aren’t used for any computational functions, but only for the storage and retrieval of files — most have a device devoted to file storage.
In either case, these servers are vulnerable to hackers and data breaches — and it’s important to protect them, or face serious consequences.
Why File Servers Are Vulnerable
Most large businesses with complex networks understand the importance of protecting their file servers, and place the same priority on protecting those assets as they do any other. In smaller enterprises, though, the machines serving the same purpose may not receive the same level of protection.
For example, in some companies, the “file server” is nothing more than a standard computer, and in some cases, that machine might be in use by a specific employee or available for other tasks. A company that needs to use specialized software, such as a video or photo editing program, may not need or want to buy licenses for all employees, and therefore installs the program on a shared computer that employees can access when necessary. The problem, however, is that when the machine that’s used for file storage is accessed by many people, or even just one person who conducts daily tasks on it, it’s suddenly vulnerable to the same cyber attacks as other machines, including social engineering attacks that deliver malware.
Some of the other risks to file servers include:
- Poor management of files and lack of access credentialing. Many small businesses simply do not have the resources necessary for permission-based file storage.
- Lack of physical security. While some companies lock servers or computers in a server room or closet, machines that are used daily are not generally locked.
- Businesses that use unsecured wireless networks are putting their servers at risk to hackers who can easily access login credentials, and then search the network for sensitive files.
Given the risks and consequences of a data breach, it’s important to secure your file servers as you would any other aspect of your network.
Protecting Your File Server
Because your file server is such an attractive target to hackers, and it has a tendency to be overlooked when it comes to security, it’s important to consider how you’re protecting your important data and take steps to secure this vital equipment. At minimum, it should be a separate machine in a locked, secured area with limited access. However, there is more you can, and should, do to keep the file server safe.
One option that seems to make sense for many small businesses is moving to a private cloud. While critics have often dismissed private clouds as being too expensive for small business, advances in technology and colocation offering have made it possible for even microbusinesses to access private clouds. Small businesses can actually replace a number of solutions — including file servers, backups, cloud storage, and collaboration tools — into a single private cloud device that usually costs less than handling all those tasks separately. Not to mention, a private cloud offers a higher level of security than the typical small business solutions, reducing the chances of a catastrophic data breach.
Beyond just moving to private cloud solutions, small businesses should follow the same security protocols for their file servers as they would for any other machine. This includes employing end-to-end encryption, ensuring that all security patches and updates are installed are appropriate, and installing comprehensive antivirus and malware protection. Controlling access to sensitive data via authentication is also vital to keeping it out of the wrong hands.
Considering that almost 75 percent of cyber attacks target small businesses — and the average attack costs about $9,000 — investing in more comprehensive protection for file servers can save money in the end, or even keep a small business in operation. If you’re still just using an “extra” computer to share files, or haven’t given much thought to protecting your physical server, now is the time to do so.