It's all over the news on a weekly-basis; another possible data breach of your credit card numbers, where you love to shop or how many times you've watched cat videos. Although most of these data breaches are about a user's personal data, it's important as a company to know what you can do to prevent this from happening. In the digital age, there are never foolproof systems or 100% assurances, but there is a huge difference in leaving your door open or requiring 6 different keys to gain access.
We're going to run down our Top 6 tips for prevent security and data breaches and what you can do to implement these today.
This sounds obvious, but it's not just about having a password. Your users, for example may be able to set their own passwords, but how often are they changed? Do they have numbers, capital letters and punctuation? The more complex a password, the more difficult it is to crack.
An extra step beyond a standard password to protect your information, 2-Factor Authentication (2FA) is now fairly standard across many online systems.
2FA is typically known most when using online banking, it's a second, randomly-generated passcode which can only be known by you. With most online services, this involves a text message to your mobile phone with a one time passcode to allow you access.
Office 365 and Gmail are among many services which provide free 2FA for you to use, and whilst it adds an extra step / delay to sign in each time, this is quickly overshadowed by the protection it can offer.
If you regularly have customers or businesses visiting your office, they will most likely require access to the internet at some point. Whether they need to check emails or grab some important documents, they will usually end up asking for a network port or more commonly now - the Wireless password.
However you have no idea what condition their IT equipment is in! Although you may trust your visitor, if they are using a spare Laptop that hasn't had the latest security updates or Anti-Virus updates, they could already be infected. By allowing them access to your internal infrastructure just invites bad news.
If you have Laptops in your IT setup, you more than likely take them out of the office at some point or another. If that device is lost or stolen, anyone can take the hard drive out of the Laptop and read the data like a book. Remember in 2007 when Child Benefit Data went missing? CDs that were sent in the mail without being encrypted.
How many of your staff can access your network or sensitive data from outside the office? You may have a VPN or Remote Desktop set up that allows staff to connect from anywhere. This is great for the annual March Snow Day or Royal Wedding, but if it's not updated with the latest security features or left open to anyone it can cause issues.
If you have a business, you have email and with this comes many issues surround security. Spam, fraud, sending data out; you name it, we've seen it. It only takes one bad file sent to you by a "customer" to infect your machine and the entire infrastructure.
What you can do today
- Implement a password policy, ensure passwords are changed regularly and that they meet a complexity requirement before being accepted.
- Enable 2-Factor Authentication on services which hold company information.
- Create a segregated guest network that only allows access to the internet and not your internal network.
- Encrypt your devices! Apple and Microsoft both have great encryption offerings that cost £0. It's a no-brainer.
- Restrict Remote Access to staff that need it. Ensure that all security features are enabled, like Multi-Factor Authentication.
- Anti-Virus and Spam Protection offerings are abundance nowadays, ensure you have both and they're set up to protect you from bad emails.
Get In Touch
As always, Tekkers IT can assist with all of the above. We don't just get it set up, we make it work for your business needs. Give us a call today.