-
Protect against viruses, spyware, and other malicious code
Have Antivirus, antispyware/antimalware installed on all of your computers and servers. Make sure they are updated regularly and if paid for – run a scheduled scan at least weekly. The free versions of anti-malware or anti-spyware usually don’t allow for a scheduled scan.
Here are some products we recommend:
– Trend Micro Worry Free Business Security
– Malwarebytes AntiMalware
– HitmanPro - Secure your networks
Protect your network with a firewall router. This will better protect you than just using a Comcast Modem. There are so many features with firewalls that a modem or a modem gateway can’t provide. There is content filtering, gateway antivirus, gateway antispyware, blacklisting, firewall rules, and other security features. Put a secure password on your wireless. Never allow customers or clients on your main wireless. Implement a guest wireless and segregate it so your business and your guest networks can never see each other. Put all non-business related devices on your guest network. - Establish security practices and policies to protect sensitive information
Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies. - Educate employees about cyberthreats and hold them accountable
Educate, educate, educate! A person is the biggest security flaw when it comes to computers. People click on links, go to infected websites, give out personal and business information easily, and generally don’t know or don’t care what they are clicking on or clicking through. Educate your employees. Explain that they shouldn’t be giving out sensitive information. Show them what to look for in a phishing email. Document this information. - Require employees to use strong passwords and to change them often
This is the biggest thing we hear from our customers. They don’t like having to change their password, they don’t want a hard password they can’t remember, or they don’t like having to have upper case, lower case, numbers, and special characters. One bad password could cost you millions of dollars in damage or potentially losing your business. Once someone gets your password, they can potentially have access to everything on the network. We call it “owning the network.” We recommend using strong passphrases, not passwords. A passphrase is essentially a sentence consisting of 4-5 words with numbers and special characters sprinkled throughout. Another good thing to implement is multi factor authentication. Many companies and software are giving the ability to require more than just a password. Some send texts to your phone with a code, some provide apps. A good dual factor authentication app is Duo Security. - Make backup copies of important business data and information
Backup your data! Be very diligent about this. We have seen data loss, crypto virus’, or just general hardware failure cause problems. If you back up your data on a regular basis, there is less to worry about. There are tons of backups programs and devices that will accomplish this. You need to decide whether you are okay having a local backup or if it would be better to have a cloud backup. We do recommend taking backups offsite in case something happens to the build itself. There are devices and programs that back up hourly or even instantly. This is a no brainer to always back up your data. - Control physical access to computers and network components
Encrypt your hard drives. This makes it very difficult for users to get to your data. Even if you have a password on your computer, a user can remove the hard drive, put it in another computer, and see all of your data. If you encrypt your hard drive, they can’t do this! They would need the decryption key in order to do this. Also, if you have a laptop, lock it up! Don’t allow anyone to steal your valuable hardware by using a lock on it. - Create a mobile device action plan
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network.. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment. - Protect all pages on your public-facing websites, not just the checkout and sign-up pages
Do NOT put any important email addresses on your website. People can easily get phished if the President/CEO/Controller’s email addresses are on the website. The best thing to do is to use a contact form that goes to an info@ email address. Implement CAPTCHA’s as well. - The last and most important thing – BE AWARE!
This is kind of a reiteration of number 4 but all users need to be aware. If you receive an email or a phone call and it seems fishy, tell them you will call them back. Find the phone number or email address from Google and call and confirm it is actually them. Don’t let anyone you don’t know on your computer whether locally or remotely. Be aware of email scams. If it seems weird, call the person who sent you the email and confirm the email was from them. If it seems out of the ordinary, it probably is!!
As always, be proactive, not reactive. You may have to pay some money up front to be secure but if you don’t, you will be paying a lot more money if/when you get attacked. Stay safe out there!
Call us with any questions about any of this and we would be happy to help!
