2013-02-04

Norman Begg of online security company my1login
offers advice on protecting a developing business against computer
hacking and accidental data loss

As a business grows, so does the threat of data security
breaches, both accidental and malicious. More employees,
additional premises, new hardware and mobile devices all open up
your business to potential dangers capable of doing serious
financial and reputational damage. Don't cut corners on IT
security or wait until it's too late to protect your business.

Here are my top tips for securing your sensitive business
data:

Pass the Test

Real user data should never be used for software testing or
development purposes. Generatedata.com is
a free-to-use site which allows you to create real-looking user
data for these tasks. Also, remember to switch off test accounts
and close development environments when you're finished using them,
as these can be a route used by hackers to gain access to the live
environment and real customer data.

Set your Standards

If you need to store user data, be sure to use an ISO 27001
accredited server infrastructure. This ensures that it meets
international baseline information security management standards of
confidentiality and integrity.

Also, make sure that any customer data you store is encrypted
and that encryption keys are not stored on the same server. If
users have accounts with your service, ensure that their passwords
are 'hashed' and 'salted' using a strong algorithm such as
SHA-2.

Lock it up

Ensure that office hardware is physically locked down and access
to it is restricted. It's easier for a thief or hacker to simply
pick up and walk away with a piece of hardware than to crack their
way through multiple layers of online security.

PCs and laptops should be set up to require passwords to log on
and employees should be encouraged to lock their screens when away
from their desk or device. If transporting user data on USB sticks,
make sure they're encrypted (using a free solution such as TrueCrypt).

Stay Up-To-Date

Most operating systems and browsers will now auto-update, but
make sure the feature is switched on for all employees' devices.
Ensure that anti-virus, anti-spyware and firewall software is
always up-to-date and that virus and spyware scans are run
regularly. Key loggers, screen-grabbers, Trojans and other viruses
can enable hackers to access accounts and ultimately obtain user
data.

Create a Password Policy

Ensure that employees are using strong, unique passwords, making
it much less likely that they will be hacked. Strong passwords
should have a minimum of 15 characters and include lowercase,
uppercase, digits and symbols. No password should ever be used
twice across different accounts. Unique passwords ensure that
should one system be compromised, exposure is isolated and the
business is protected from the domino effect of one hacked account
leading to another.

Educate on 'Scam Spotting'

Enforcing strong password practices is no good if employees
unwittingly hand their passwords over to hackers. Train staff on
how to spot phishing emails, the tell-tale signs of a spoofed
website and how to avoid falling victim to social-media-based
scams.

Who goes there?

Keep track of who has access to what, from employee passcodes to
suppliers you have shared login credentials with. An audit trail
ensures that should an employee leave, or a contract with a
supplier end, it's clear whose access needs to be revoked and what
authentication details are required to be changed.

Stay safe online

Ensure good practice online: always use SSL/HTTPS on websites if
possible. Using SSL ensures your data is transmitted to and from
the web securely and is less susceptible to man-in-the-middle
attacks. Restrict the ability to download software on employee
devices.

Protect your Wi-Fi

Make sure your Wi-Fi network is secure and that access to it is
restricted: change your router's standard login details, enable
WPA2 security using a strong password, turn off the transmitting of
the network name, and don't hand out the Wi-Fi password
unnecessarily.
