Wednesday, July 22, 2015
10 Ways to Prevent a Data Breach and Protect Your Small Business
No business is too small for a hacker!
This article from http://www.theglobeandmail.com describes 10 ways to protect your small business. Big businesses are not the only ones that can get hacked - small businesses are also a target. Make sure your business is protected and read the list of 10 steps to help your company stay safe!
1. Think beyond passwords. Never reuse them and don’t trust any website to store them securely. To increase the level of security, set up two-factor authentication for all your online business accounts. This authentication relies on something only you should know (your password) and something only you should have (typically your phone) to verify your identity.
2. Stop transmission of data that is not encrypted. Mandate encryption of all data. This includes data at “rest” and “in motion.” Consider encrypting email within your company if personal information is transmitted. Avoid using WiFi networks, as they may permit interception of data.
3. Outsource payment processing. Avoid handling credit card data on your own. Reputable vendors, whether it’s for point-of-sale or web payments, have dedicated security staff that can protect data better than you can.
4. Separate social media activity from financial activity. Use a dedicated device for online banking and other financial activities, and a different device for email and social media. Otherwise, just visiting one infected social site could compromise your banking machine and sensitive business accounts.
5. “Clean house” and update procedures. Evaluate your assets and valuable data to identify where your organization is most at risk. It’s important to reduce the volume of information you keep on hand (only keep what you need!) and properly destroy all paper documents, CDs/DVDs and disks before disposal. Consider assessing your business’s email infrastructure, browser vulnerability, and ID system. Do not use Social Insurance Numbers as employee ID numbers or client account numbers. You should also question the security posture of your business lines, vendors, suppliers or partners.
6. Secure your browser. Watering holes – malicious code installed on trusted websites – are a common method of attack against businesses. How do you know which websites to trust? Focus on keeping up to date with the latest version of your browser. Then, test your browser’s configuration for weaknesses.
7. Secure your computers and operating system. Implement password protection and “time out” functions (requiring re-login after a period of inactivity) for all business computers. Require strong passwords that must be changed on a regular basis. Also be sure to update all operating systems, which have major security improvements baked in. It’s far easier to break into older operating systems like Windows XP or OS X 10.6.
8. Secure your internet router. Make sure someone can’t intercept all the data sent through it. Consider configuring your wireless network so the Service Set Identifier (SSID) – the name the wireless network broadcasts to identify itself – is hidden.
9. Safeguard and back up your data. Lock physical records containing private information in a secure location and create backups. These should be encrypted and off-site in case there’s a fire or burglary.
10. Educate and train employees. Establish a written policy about data security, and communicate it to all employees. Educate them about what types of information are sensitive or confidential and what their responsibilities are to protect that data. In addition, restrict employee use of computers to business purposes only. Do not permit use of peer-to-peer file-sharing websites or software applications, and block access to inappropriate websites.