Securing Your Business - Hardware & Software
October 25, 2017
Data breaches are big news when they happen to big companies - but devastating when they happen to your company. Cyber security is a concern that every company, of any size, needs to take seriously. If you do not have a cyber security plan, then you need one now.
You have two major areas of concern - software and hardware. Talk to Access One about a plan for both.
Most of the time, we talk about passwords when it comes to securing cloud accounts. Passwords are important, but it is worth considering multi-factor authentication (MFA) - one-time keys texted to the person's phone, access cards, etc. - if your company uses highly sensitive data such as financials. For lower security, MFA can be more annoying than useful. Require passwords to be changed at least every three months, to a password the employee has not used in at least a year. Passwords should be unique to each account.
However, there are other concerns. Make sure that all devices (including Macs) have anti-virus software installed and have employees or IT people run malware scans frequently. Keep all security software updated. Also require employees to use ad blockers to block potential malware when surfing the web and reduce the number of crashes caused by poorly coded apps. Any device that is connected to the internet should have an active firewall, preferably one that also masks its IP. This includes computers your employees use to work from home - educate your employees on firewall use. Modern operating systems come with decent firewalls already installed.
Use encryption on cloud drives, which can potentially be accessed from anywhere with a stolen password. If you have particularly sensitive information in the cloud, then consider getting cyber security software that detects threats and warns your IT staff or IT partner - if you use managed services, talk to them about how they handle cloud security, and also talk to your cloud provider.
Educate your employees on best practices - this includes avoiding sites that don't allow you to block ads (this is often a sign that they have dangerous ads) and not clicking through email links - especially links to banks or PayPal. Make sure they always go to financial sites directly through the browser. Also educate them on the symptoms of malware and of browser intercept hacks.
Keep your social media accounts secure by using a good password. If an employee with access to social media or your blog quits or is fired, change the passwords immediately so they can't leave any nasty surprises on the way out. Remind employees that privacy settings can get screwed up and anything they say in private on social media can accidentally end up being public.
If you take credit cards online, follow all of the best practices to protect data and avoid liability for fraud. Make sure your online shopping site is secure. For very small businesses it can be better to work with an e-commerce partner. Watch out for fraud warning signs. Expedited shipping when bill-to and ship-to addresses are different is a major red flag, as are overseas IP addresses associated with domestic billing addresses. Always require the security code.
Protecting your hardware starts by protecting your physical location. All of the software security won't help you if somebody breaks in and gets access to a system with a password manager (which most people use these days). Practice good physical security and have a good alarm system. Recommend that employees who work at home install a home security system if possible. If you have a server room, keep it locked and give keys only to people who actually need access. (Don't keep your Wi-Fi router in the server room if it's locked, though, or bad things will happen if it crashes.) If you rent space on somebody else's server, make sure to go over their physical security policies when selecting a vendor.
However, many data breaches happen when a phone, tablet, or laptop is handled carelessly. Educate your employees and make sure they never leave their devices unattended in public places. Phones, in particular, should not be left in hotel rooms - theft from hotel rooms is a particular concern. If laptops must be left in hotel rooms, they should be hidden. Log out of laptops on trains and planes before getting up to go to the restroom, or put them back in the bag. Use encryption to further protect hard drives and phone storage.
If all of this seems overwhelming - then talk to your IT pro. Now might be a good time to consider managed IT services - Access One can help you come up with a cyber security plan that appropriately balances security and convenience for your business and adapts as your business grows.