In today’s connected electronic world, we rely on technology to get the job done. But in this space, what you don’t know can hurt you. With a single click, a disgruntled employee can send their confidential business intelligence, bank account number and password, or intellectual property to millions of Internet users. With one more click, much of your company data could be removed. The list goes on. Read on for the top 10 tech problems; the misconceptions and flaws that are most likely to cause problems for both small and large businesses, and some simple ways to avoid them and navigate the debris.
1. Physical access is full access!
Without special precautions, data stored on that computer can be accessed by anyone who has physical access to a system. Most computer accounts can be cracked in less than 30 seconds when you have physical access to the system, or accounts can be bypassed entirely. Use hard drive passwords to lock portable travel systems. Keep servers and computers with sensitive data physically secure.
2. People do security, computers don’t!
The biggest threat to the security of your business is people, whether they are simple mistakes or malicious intent. Create a formal information security policy and ensure it is approved by your staff. Do not allow staff to share accounts on any system or software package. Delete general accounts or guest accounts and always change default passwords.
Only admin or IT staff should have access to the Administrator or Root account. These should not be shared with general staff or used for daily tasks, and passwords should be changed frequently to monitor access.
3. Email is public!
Typical email access, via the Internet or an email client, transmits not only your email messages to the public, but also your password. Use secure authentication (SSL) to prevent your email password from being transmitted to the public.
Email messages are never private (even when using SSL), unless you specifically encrypt the content. Omziff is a free utility to encrypt documents – use puffer fish encryption – it takes 400 years to crack today’s best desktop compared to today’s best desktop. your typical ‘password’ protection of documents that is broken in less than 30 seconds. Always deliver the encryption password separately and in person.
If you receive confidential information or requests for confidential information by email, please remind the sender that email messages are transmitted to the public over the Internet and can be easily read by anyone on the Internet.
If someone transmits your confidential information in an insecure manner, you should request that the sender pay for identity theft protection or credit monitoring for everyone involved for one year. If you are a supplier, make sure management knows what has happened; many states now require businesses or government entities to notify all affected customers when they have experienced a security breach.
4. FTP is not secure!
If you need to share sensitive information on the Internet, use a secure protocol to do so. File Transfer Protocol (FTP) is a very common way of sharing files on the Internet. But it is not secure, even if it requires an account and password, the password is transmitted to the public and can be easily compromised. Alternatives are Secure File Transfer Protocol (SFTP) or a secure website (HTTPS).
5. The Windows® are wide open!
All platforms have security vulnerabilities, but Windows® is generally the most plagued with security problems, probably because it has the most users. The three types of security threats to Windows® computers are malware, viruses, and hackers. Invest in programs or gadgets that stop all three. Most security programs are good at stopping just one of these three categories of threats. Once infected, these threats can usually monitor your system for sensitive information and transmit it to the Internet, they may not harm or disrupt your system.
6. VPNs are your best friends!
Virtual Private Networks (VPNs) allow mobile staff to securely access your company network from the Internet. Any message or file accessed through a VPN is only as secure as the network the VPN is connected to.
7. Passwords are the key!
Using secure websites (HTTPS) is like talking in a phone booth vs. yelling in a crowded room – no one else on the network can hear your conversation. But it still doesn’t guarantee that you are who you say you are: your account and password are the only way most websites can tell who you are. (Banks and other financial sites are coming up with cleverer and more annoying ways to verify your identity as we speak.) Anyone can access a secure website and try to crack your account.
Create passwords that are harder to crack: at least 8 characters, with at least one each of numbers, uppercase letters, lowercase letters, and symbols.
Use a password hack to create unique passwords for each account you have. Sound impossible to remember? A hack is a process to create a password. If you remember the trick, you won’t need to remember all the passwords you have and you will have a unique password for each of your accounts.
For example, a password could be created using an exclamation point, followed by the first and last two letters of the account name, plus the number of vowels in the account name, plus the user’s initials. With this trick you can generate a unique password for any account you have: ‘linkedin’ would be: “!liin3seh”, and ‘Google’ would be: “!gole3seh”. Have a backup hack (a slight modification of your existing hack) ready in case one of your accounts requires a password change.
Never share passwords with anyone else. If an exception occurs, change your password, then give it to someone you trust, and then change it again once you’re done.
8. Historical backups are essential!
Tea only The way to recover from user error is from backup copies. Historical backups are key. If your backups are simply a copy of your data that gets overwritten each time, then when a mistake is made and you catch it tomorrow after the backup has been made, your backups are now worthless.
Drive mirroring and redundant hardware keep systems available in the event of a hardware failure, but it’s pretty useless against “user error” that quickly syncs across systems.
Make sure your staff know where and how they should store your data so it’s protected by backups. Mobile users need to keep their data on the network (via VPN) so that it is protected or have additional backups.
9. Faxes and voice messages are public!
Gone are the days when faxes and voice messages were secure. Now they are bundled into attachments and sent flying over the Internet to a cell phone or email inbox. It can be done safely, but it’s rare these days; Always ask when dealing with confidential information.
10. You are the one you trust!
When you entrust your data to a third-party system or provider, you are accountable to your staff and customers if they make a mistake. Remember you get what you pay for.
Hosted ‘Software as a Service’ (SAAS) systems can be very useful and affordable for small businesses, but be warned! These providers are never responsible if your data is stolen, lost or damaged, but you are. Make sure you have data backups and security if needed. Hosted providers with many customers are “big shots” targets for serious hackers, as all data is conveniently accumulated in one place, while targeting an individual business might not be worth it.
Now you know…
Why identity theft is so common! If your email password is the same as your stock or bank account password, change them now.
>There are simple, low-cost solutions that address all of these issues for SMEs, many are simply a point of awareness and training. You are now equipped (whether you like it or not) with the awareness and education to help you and your business safely stay afloat in our connected world.