Is Your Business Safe?
Does your lack of data security keep you up at night? No? Well, it should. Your data is your lifeline. It’s where you keep all your information about your customers, your competitors, and your own performance. If it were to fall into the wrong hands, you’d be in big trouble. Not only would your operations grind to a halt, but you’d also be opening yourself up to potential litigation, as customers sue you for allowing their personal information to enter the public domain.
Scammers are becoming more and more successful in getting personal information. Even big companies like Verizon have suffered serious data breaches. Hackers stole more than 280 million records from Verizon, costing the company millions of dollars in lost revenue.
Small businesses, therefore, need to ask themselves whether there is anything they could be doing better to protect their data. Recently, Matt Watchinski, a cyber security expert, told Business Insider what small businesses should be doing to protect their data. This is what he recommended.
Educate Your Employees
Teaching your employees about safe conduct online is essential for protecting a business against data breaches. The reason for this is because hackers know that employees are usually the weakest link. It turns out that modern anti-virus and firewall software is actually pretty good. With numerous updates from Windows and software security companies, remotely hacking people’s computers without a human in the loop is tough.
People, on the other hand, are much easier to get around. They can be fooled by a variety of seemingly innocuous tactics, including getting them to give out usernames and passwords after following unscrupulous links. The best way to deal with this is not to have your IT department clean up the mess afterward. Instead, it’s to educate your workforce, according to Watchinski. It’s about having clear rules that apply in every situation. Never type in your password after following a link. Never respond to emails asking for information. And never leave devices logged in unattended.
Watchinski says that prevention is much better than cure. Most issues, he says, can be avoided by taking simple precautions anybody can understand.
Be Careful With Email
Email and instant messaging services seem so unthreatening, mainly because we use them every day. Many employees trust them so much that they’re willing to click or download any attachments, no matter what the source. Employees believe that the attachments are harmless, but later on, they discover that they’ve been locked out of their account or their computer is running slow. Links are often bad news. They’re the number one way businesses get infected with harmful malware.
It’s worth telling your employees that they must never click on a link if they don’t recognize the sender. And even if they do think that they recognize the sender, they should make sure that it is who they think it is and not a scammer. Scammers will often choose email address names that are very similar to email addresses employees are used to getting emails from. They might change the position of the “@” or change a word from singular to plural, so it looks almost identical to the genuine email address. Small businesses need to communicate the importance of checking that the emails are the same, even if it is time-consuming. After all, it’s better than being locked out or having all your data stolen.
Technology has the potential to revolutionize business models. In fact, data is already doing this, allowing companies to make better marketing decisions and offer enhanced customer service. But all that technology can land you in a lot of trouble, especially if you don’t monitor communications in and out of your company.
The good news is that the same technology that is allowing your business to make better decisions is also helping to keep your network secure. Intelligent algorithms, also known as AI, are now able to monitor the entire network, looking out for packets of information that contain things that look like credit card numbers of passwords. They’re then able to alert you immediately if they think that there’s been a breach.
Watchinski says that the costs of not monitoring your network can be high. You only realize something is wrong when it’s too late, and the damage is done.
Protect Yourself On Social Media
Your network might be behind an enormous, impenetrable firewall, but there’s a good chance that this isn’t the only place where your company intersects with the wider digital world. Many companies are now also on social media, opening them up to new threats.
It turns out that hackers love social media. The reason for this is that businesses are usually a lot more lax about security when using Facebook than they are when they’re using their official internal resources. They neglect to use the proper Facebook privacy settings to protect their data and end up exposing themselves to criminals. Social media security needs to be as extensive as regular business security. The same standards need to apply, no matter which platform your colleagues use.
Backup Your Data
Backing up data used to be a real chore. Businesses had to physically save their data to a bunch of external hard drives and then store those drives in boxes. It was expensive and extremely time-consuming. With the rise of the cloud, though, those days are long gone, and so too are the excuses for not backing up data.
Data backups can now be performed remotely and automatically on a weekly basis. Having a backup means that your company doesn’t have to suffer a loss of data which could destroy its ability to operate.
Focus On Securing Mobile Devices
When you think about it, the difference between our attitude towards our smartphones and our office computers is pretty comical. Office computers are safely stowed away in our offices, password protected and powered down because of the sensitive data they contain. Smartphones, on the other hand, have little more protection than our jacket pocket, and yet they contain the same sensitive information.
This is why Watchinski recommends that small businesses think carefully about how to secure their mobile devices, especially if staff are constantly on the move. The first thing he suggests is using encryption software. Encryption software makes it harder for hackers to intercept conversations between your colleagues. He also suggests that every mobile device has a password combined with a timed lockout feature. This means that even if the device is left unattended, a person without the password cannot access it. Finally, he suggests that all mobile devices have a remote wipe feature. This allows you to delete any sensitive information as soon as you discover that the phone is lost.
Update Critical Software Regularly
If you’re a computer buff, you’ll have noticed that Windows and iOS get regular updates. Sometimes these updates are just to add new features you’ll never use. But more often, they contain important security patches to protect your computer against the latest threats.
According to Watchinski, security applications are only as good as their most recent update. No anti-virus software he says is 100 percent foolproof. But updating these critical applications on a regular basis prevents you from being another target of a malicious campaign.
Put Up A Firewall
Firewalls are a little bit like a city gate. They control the information coming into and going out of your computer network. In theory, firewalls are supposed to prevent anything from coming in that is dangerous.
Of course, in the real world, this isn’t how things usually work, especially if your business is the first to be targeted by a particular kind of attack. However, once the nature of an attack has been identified, software security companies are pretty good at updating the firewall to counteract the new threat.
Create Strong Passwords
The easiest thing people can do to improve their data security, according to Roland Cloutier, a board member of the National Cyber Security Alliance, is to boost the strength of their passwords. Cloutier is amazed by how many businesses that need to protect precious data still use passwords like “password” as their passwords.
Crafting a good password is easier than most people think. Cloutier says that the best passwords use combinations of capital letters and regular letters, as well as numbers. This vastly increases the number of combinations criminals need to crack the code. Cloutier suggests that companies avoid using actual works and instead make sure that their passwords are generated randomly.
Microsoft also provides some guidance on what to avoid when it comes to passwords. For instance, don’t write common words spelled backward – this is something hackers will try. Also, don’t contain any personally identifiable information in your password, like your date of birth, for instance. Why? Because there’s a good chance that a determined hacker could find this information somewhere on the web.
Finally, Microsoft says that companies must avoid using sequences of letters and numbers that are close together on the keyboard, like “12345.”
Cloutier says that companies should change their password every 90 days.
Check out this official password strength testing tool to ensure your passwords are doing their job:
Websites by Masterhouse
Masterhouse Media is an innovative digital consulting agency from Vancouver, BC specializing in web development and mobile apps. Masterhouse is best known for launching the popular Internet portal Clubvibes.com in 1999, one of the first social media platforms on the Internet. The company is currently focused on building digital strategies and premium websites for clients. Find out more at masterhouse.net