When it comes to tech security, articles tend to sound negative. There's an easy explanation for this: securing data is gravely important to the health of your business. Failing to do so can result in fines, sanctions, loss of reputation, loss of trust, and maybe the loss of the business altogether. Fortunately, there is good news: tech security can be improved. There are Managed Security Services Providers that are prepared to help businesses with any security challenges they are facing. As growing cybercrime continues to threaten businesses, it's more important than ever to take care of the basics.
Here are 11 tech security mistakes your business is likely making:
The days of 'Lastname1' are in the rearview mirror. But, many businesses didn't and still haven't gotten the message. Weak passwords are a flimsy first line of defense that makes life too easy on hackers. If you know your business is filled with reused, simple, and easy-to-guess passwords, push for a change. Use long, random, complicated passwords (a separate password for each set of credentials). If that sounds impossible to remember, use a password manager. Also, opt for multi-factor authentication whenever it's available.
Software updates are an intrusive annoyance. That's especially true when the notification calls for a computer restart or interrupts your work. In spite of their annoying nature, you shouldn't ignore them. It's tempting, but ignoring software updates often means ignoring critical security patches. Forego those patches and you're leaving yourself and your company vulnerable to preventable attack. Take the time to update all software and make sure that you're taking full advantage of the security features within.
Anti-virus software is another commonly-dismissed first line of defense. Anti-virus isn't flashy, but it can help catch the hordes of viruses that computers now face. Malware like spyware and Trojan horses are often detected and blocked by anti-virus software. If you don't install anti-virus company-wide and keep it updated, your company is inviting in unnecessary threats that can compromise your network security. Keep anti-virus installed - it's an ally in the quest for data security.
Have you ever opened an important company document over public Wi-Fi? Some people assume that those types of channels are secure. They're not. As a general rule, make sure that private data isn't being accessed in public places, un-encrypted channels, or insecure e-mail servers. Even if things 'feel' secure, know whether or not they are for sure. Know the full story whenever you plan to send, receive, or access private data. In all instances where you or a coworker is unsure of the channel, err on the side of caution.
In the absence of a password manager and certainly for instructions on software, physical copies of digitally-stored information are created. In that event, take special care to not leave those copies lying around. If at all possible, try not to make them. But, if they have to be created, don't allow them to fall into the wrong hands or leave the building. Private info or company credentials on a physical sheet of paper is a potential leak of company data.
Does your company have a Disaster Recovery plan? A backup solution? Make sure that your company is testing the plans that are in place. This extends to all monitoring solutions, too. If you're not testing your solutions, you're not sure if you actually have them. Make certain that in the event of a data security disaster, you have a plan that works. Being able to recover data is hugely important.
If you're able to access information that is sensitive, but not directly pertinent to your job duties, that could be a problem. Full admin privileges should be given out rarely and access should be controlled at every level. Information most often leaks on accident and the less access that's given out, the more likely it is that the information will stay put. Employees should have access to what they need to perform their jobs. Anything more than that deserves a closer look.
Not that clicking itself is bad per se, but it can be when it's on unknown items. From e-mail attachments to links on the Internet (or social media), clicking can lead to significant security risk. Killing time on the Internet is seen as a generally harmless activity and cybercriminals take advantage of that perception. If you find yourself clicking on suspicious links, downloads, or attachments, know that it could lead to an unforeseen security breach.
You're reading this article now. Chances are, you've seen stories on the nightly news about companies who have been hacked and lost sensitive data. Are you sharing this information throughout your company? If not, consider doing so. Communication is important in every respect in business. When you come across information that can help secure your company's data, share it!
Security Awareness is a hot topic in the world of technology support. People are the biggest security risk factor for businesses. Why? They aren't aware of data security best practices. They don't know what to watch out for. They don't have anyone supplying them with the training to change that. If you've never attended any Security Awareness training, that is a telltale sign that your business isn't as secure as it should be. Employees are trained on everything from HR policies to how to operate the printer: why leave out something as critical as Security Awareness?
In general, being a trusting person is admirable. Unfortunately, cybercriminals prey on the trusting nature of others to steal data. It's known as 'Social Engineering.' One popular method is 'Phishing,' or, posing as a trusted authority and asking for sensitive data. For most people, when someone pretending to be their boss demands access to sensitive data, they hand it over. It's human natural to trust authority figures and that's a common way that data gets out. To prevent this, practice being more vigilant. Confirm identities. Heavily vet sources. A little bit of scrutiny can go a long way in protecting your data.
If any of the above applies to your business, start making changes today. Then, call a tech support company that specializes in security and make sure that your business is an unappealing target for those looking to steal private data.