Here is a list of ten things you can do immediately to minimize riskof being compromised by a digital security threat. Some of these measures involve some cost, such as couple of hundred dollars, or up to a thousand – it is a small price to pay for ensure the security of your business.
- If you use computers, you are vulnerable. If you move data around to other computers, servers or the cloud, you are more vulnerable. And if you employ people that sit in front of computers, connected to the internet, you can safely say that you are reachable by any hacker, virus or malware in the world. The tip: make a list of connected resources, devices, software and services you use. And understand how to secure them.
- Introduce the principle of data access as a privilege not a right.Data is only available to those that need it, rest is locked away. No unnecessary open shared, folders, directories. No network access to any device for anyone.
- Backup your data to another two targets, one of which is in another location, preferably hourly, so you never lose more than an hour of work, whatever happens to your source. NETGEAR’s Ready NAS is a known safe technology for that.
- Most malware comes in through emails or bad websites. Hackers come in through the front door, or by finding an opening through a computer or your internet connection. Concentrate first efforts of defense by filtering email and web traffic. Get a good firewall to separate your office from outside. Then get endpoint security on PC’s, laptops. Use OPENDNS in your internet modem / gateway instead of the addresses filled in by your internet service provider. DNS is the phone book of the internet and changes the name of a website to its digital address. Using a good DNS makes it possible to filter bad known websites from being reached by your computers.
- Teach yourself and your employees what not to do. For example, avoid clicking on incoming unknown email attachments, or opening emails from unknown senders. Don’t use USB memory sticks. Virus scanners on computers need to scan incoming files. No downloading content allowed except from trusted sources.
- Update every piece of software, and every firmware on any piece of hardware, you own as often as possible.
- Split your network up in segments (VLANs) that cannot ‘see’ each other. In that way you limit transparency for intruders.
- Change your passwords often. Monthly at least. Don’t write them down. Secure your WiFi by using good passwords that change as often. Give guests internet access through WiFi with a password (no open network) and no access to the network.
- Do not open email with Office documents – they can contain infected macros. If you have to, use up-to-date virus scanners to examine them before using. Text can go in flat emails, no need to use .doc files.
- Avoid public cloud services made for consumers. They are free but bring risks. Services like Dropbox, iCloud, Google Drive are exposed to the internet every second. Once hackers figure out your email address they can start guessing passwords or even lure you into giving them up by sending you fake emails (that is called phishing). Don’t ever give login or password information over the phone or over email.
Do you have any such tips? Leave them in the comments below.