Hackers and online criminals are working day and night to access our data. They look for vulnerabilities in our software, and also in us. People have had their identities stolen and sensitive information accessed. Even the US government is vulnerable as demonstrated with the most recent series of attacks on sensitive servers. When this happens to a company it can be disastrous on a larger scale. Many small companies end up closing due to the financial implications of what has happened.
The term ‘paperless office’ has meant that more and more business information is being moved online. That increases the pickings for cybercriminals. When hackers are getting more and more clever, what can be done to protect company data? Let’s find out right now with these 10 security tips.
Consider Third-Party Hosting
When this option is chosen, the responsibility for data storage, updating software, and maintaining security is moved to the host company. If someone chose to use QuickBooks cloud hosting their data would be stored on a dedicated server. The advantage can be that a business is not sharing the host site with another company. With shared servers, both companies need to maintain their IT security. If one is hacked, the other company will also be hacked.
Other benefits of such hosting are that passwords and usernames are kept private, and there is automatically encrypted data backup.
Draft An IT Security Policy
One of the biggest security vulnerabilities that companies have is their staff. Employees should be advised not to leave their computer screens unlocked when unattended. USB sticks and hard drives should be securely locked away.
Businesses should incorporate their IT policy into staff employment documentation. This should include an outline of the responsibilities, accountability, and consequences of security breaches. Training sessions should be conducted as part of the staff induction process, and also on a rolling basis.
Training should also be given on creating and maintaining effective passwords, identifying phishing emails, and not downloading files for personal use. Staff should also be warned about using public wifi or reading private company information in public places.
Use A Virtual Private Network (VPN)
VPN software puts an encrypted (coded) layer around the person’s online activities. End to end encryption is where a message sent by one person is encoded, and it can only be unencrypted by the valid recipient. Website access and data exchange become secure as a result.
Without a VPN, staff may be vulnerable when working remotely. The wifi hotspots found in coffee houses, airports, or hotels frequently connect to insecure networks. This means it’s easier for hackers to access the data.
Install A Firewall
Companies have these as external hardware devices or internal software. They are built into Apple and Windows. Firewalls act as security guards day and night, observing all incoming and outgoing activities. They instantly report issues and block them.
There are a host of unwelcome visitors that firewalls are designed to stop, ranging from spyware, adware, viruses, and worms.
Use Antivirus Software
This is designed to supplement the effectiveness of the firewall. Defender software is installed within Windows 8 and 10. This can do the job effectively in most cases, but there is always the risk that such things as ransomware may be able to bypass it.
Warnings can also be provided by antivirus software that sites are insecure or have known risks.
Have A Strong Password System
A study found that from January to March 2019, 74% of security breaches related to passwords getting into the hands of the public.
Employees should never keep written passwords on their desks or share them with others; neither should they use the same one for different applications. Obvious passwords should be avoided too, including passwords, 12345 or previously used ones. They should be at least eight characters long and include letters, numbers, and special characters such as $£*&.
Password management software is well worth considering as it creates the passwords for you, stores them all in one place, and even logs in to programs for you.
Securely Dispose Of Data
If a computer, memory stick, external drive or laptop are thrown in the rubbish there is the chance that someone could take it. Even deleted files or reformatted drives are unable to stop criminals from gaining access to the data.
Fortunately, there are external companies that can securely dispose of computer equipment. When one looks at the financial risks involved, this could be well worth the money.
Perform Updates And Allow Patches
It may not be hard to imagine that a small item of software may have security vulnerabilities that need regularly addressing. More alarmingly, there are similar issues with big players such as Windows, Adobe PDF readers, Microsoft Office, Google Chrome, or Firefox.
Cybercriminals are constantly searching for blind spots and loopholes, so when they have discovered it’s necessary for an update or patch to be installed to keep them out.
Set Up Two Factor Authentication
This can be created for use when people log in to such applications as Facebook, Gmail, or Evernote. It can also be utilized when making online payments.
It acts as a ‘prove who you are’ question. Someone may receive a code by text that they need to enter into the computer before they can proceed. Alternatively, they will receive a phone call requiring a secure code.
Create Data Backups
USB sticks and external drives can be stolen or lost. Computers can break and websites can be hacked. When data is stored online there is an extra layer of protection.
Companies frequently create disaster recovery plans. They should include what to do when IT equipment is destroyed or a cyber attack has been effective. It’s no good waiting until it happens before such things are considered.
There are a host of actions and policies that can be put in place to protect a company’s data. When it is all adopted, a secure wall can be created to keep the villains out. Whilst many of these suggestions will cost money, the alternative can be unthinkable.