With so many reports of cyber security breaches (especially at reputable companies like Target, Equifax, and FedEx), it has become increasingly necessary to implement a layered security strategy. Breaches can happen to the best of us, and unlike a house break-in where there is often evidence of a crime, it is a lot easier for digital theft to go unnoticed until it is too late.
With Thanksgiving around the corner and cybersecurity on the mind, we thought we’d take a few minutes to share some of the most effective security tips and tricks. We are so grateful for the peace of mind they give us, and our clients agree! We hope that by sharing them, we can help you and both your personal and business data remain safer and more secure this holiday season!
Turn on Two-Step Authentication
While it can be a bit annoying at times, the extra step in multi-factor authentication can go a long way in keeping your company (and personal) data safe. One way to start is to implement two-factor authentication, which requires a password and an additional code sent to the requester’s phone or email. Implementing MFA across every user and IT resource (including cloud and on-premise apps, VPN, servers, etc.) blocks cyber-attacks at multiple points in the attack chain and protects against compromised credentials. It is one of the best ways to proactively prevent unauthorized users from accessing your organization’s data.
Secure Your Remote Access
With a growing remote workforce, it is increasingly important to ensure smooth, reliable, and secure access to corporate files. One way to do this is via a Virtual Private Network (VPN). This can mask your IP address (or internet location) and make it more difficult for intruders to gain access to your enterprise’s information. There are also cloud-based applications that help provide secure remote access to corporate data. Whenever possible, avoid using location-based services that publicly check you into a location or apps that use your position to track your whereabouts.
Protect Your devices
If you don’t have a password to unlock your phone and computer, stop what you’re doing right now and protect these devices (or more importantly, the information they hold) by setting one up. That will ensure no one can access the contents of your devices (like email and documents) if they are misplaced or stolen. Ensure that your passwords are complicated, unique, and difficult to crack. If you are not good at remembering this kind of password, consider deploying a password manager, which can help you do so.
Deploy a Security Program
At the very minimum, make sure that you have a virus protection program in place for your organization. Many now come with privacy packages to help you in case you do get hacked. Ideally, you have both antivirus and antimalware tools in place. There are a number of programs available – take the time to understand which are the best for your enterprise.
Always Install Updates
Don’t dally when it comes to installing updates for your applications, Operation System, and website. Cyber criminals are constantly seeking out flaws in operating systems and software. Staying up to date will correct those vulnerabilities before hackers can leverage them. Developing a patch management strategy will help you ensure that everyone in your organization is on top of updates.
If you haven’t already made the switch to SSL (Secure Socket Layer) for your corporate website, now is the time. Doing this will ensure that communications to and from your website are encrypted. This is important for your users, especially if you capture any sensitive information like name, email, or credit card data. Similarly, beware of inputting information into any site that doesn’t start with “https.” Google is taking gradual steps to reward sites using https and calling users’ attention to insecure pages on its Chrome browser. Firefox, Internet Explorer, Safari and others are following suit.
Back It Up
Schedule regular backups of significant documents and files. We abide by the three pillars of back-up: live, local, remote. This means that even though your files might be secure on the cloud and on your hard-drive, you should always have a third copy on an external hard drive or through a network attached storage device (NAS) in case of a cyber attack. Protecting these backups with passwords and encryption will provide an additional layer of security for your data.