6 Best Practices to Keep Your Business Safe
by Laura Bauml, on Nov 1, 2017
We embrace the convenience and freedom of doing business in the cloud. This also comes with real security risks for every device connected to the internet. According to Darren Holtz, FBI Special Agent with the Cyber Security Division, safety is a journey—not a destination. This article will explain straightforward means of traveling safely and the most important security aspects to consider. So, buckle up and let's get to it!
Why internet security is like driving a car
Traveling across the Internet is much like driving a vehicle. Nothing will guarantee 100% safety, yet the risks can and should be well managed with safety equipment and defensive driver education. In place of seat belts and air bags, the computer industry has given us applications and backup devices, which I cover in the tips further down. But as it turns out, the education and behavior of the user are the most critical elements of cyber security.
The Internet has made it easier for criminals to reach us, and the most successful weapon of the dark side is social engineering. Instead of focusing on secret, complex technical code, they simply prey on the weakest link with innocent-looking emails. They lurk on public Facebook pages, studying our interests and schedules, to pose as someone who deserves our trust. They browse through unsecured wireless hotspots into smartphones, like walking in through unlocked back doors. This means our strongest defense comes from learning and following precautions.
At a recent cyber security seminar near Kansas City, “Don’t Let Your Business Get Hacked,” industry professionals including Robert Lamm of Lammtech.com presented vital steps that business owners should follow. I’ve summarized best practices in the following 6 policies:
6 security best practices to protect your business
1. Think before clicking in emails
Verify that the actual sender address belongs to someone you recognize. Know that you will never receive a legitimate email from the government, banks, credit companies, or online storage providers such as Apple’s iCloud asking you to update information. Sensitive data or confidential information should be encrypted. This can be done through file-sharing services, or special email programs such as protonmail.com or sendsafely.com.
2. Install anti-virus and continual updates on all devices
Terrific choices in antivirus software are available and should be installed on each computer, tablet, and smartphone. New hacking techniques are constantly being created, and so are the security patches for your software, which need to be installed through updates. Set the operating system to run updates once a week at a convenient time, maybe 3 a.m.
3. Make passwords difficult
Hint: your dog’s name + your birthday numbers are not difficult. A great option is to learn one long acronym and use it for a password-keeper app such as LastPass or Dashlane. Here is a review from PCMag on other good choices. It’s also best practice to change your passwords on a semi-regular basis and use password options when stepping away from a desktop or closing a laptop.
4. Secure wifi
Every wireless router needs its own password, which should not be shared publicly. Also, to hide your wifi network, set up your router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Outside of the office, I use the app hotspotshield.com when it’s necessary to have internet access.
5. Backup critical info in more than one place
Businesses rely more and more on cloud-based storage providers like Dropbox, Google Drive, OneDrive, and iCloud. While these services are not hack-proof, they do protect user files with encryption and store them online in secure storage servers across several data centers. Making physical backups of all your data (on external hard drives or thumb drives) may not be feasible as your company grows, and may not even be necessary with all the cloud-based storage options out there, but you could and should consider multiple cloud-based backup options. Ask yourself: what would happen if these files were lost? And plan accordingly.
6. Manage user access
Give out the least amount of privilege necessary to your network files and in software settings, and make sure the right people have the right access. Internal fraud also happens too frequently. If any vendors or outside contractors have access to your system, vet them and communicate your expectations.
As with most dangers, prevention efforts will give you the most success. And if your information is affected, it’s an opportunity to plug the holes, run stronger and grow more confidently. If you are infected with a disabling virus, immediately unplug all devices from the internet. Within 24 hours, report it to your local FBI field office as well as the Internet Crime Center ic3.org.
In this digital age, all roads lead to the cloud. We can find a feasible balance between freedom of access and walls of lockdown. Paro, as an example, has been successful at operating remotely and securely while building a culture of trust with contractors and clients, in large part due to having these tools of accountability in place.
Every day that you have not experienced a breach is a successful win, and we can be confident there will continue to be many, many wins. Make cyber security a priority and enjoy safe traveling.
Laura Bauml is certified as a Professional Bookkeeper and QuickBooks ProAdvisor working remotely with the Paro network. She has over 15 years of experience working with small business owners to establish sound accounting practices and increase their financial confidence. She received training from Universal Accounting as well as Intuit, and completed an Associate's degree in Information Technology emphasizing the current web-based processes. A native of Kansas City, she has always had an interest in security, and was an over-protective mom getting her 3 children safely to adulthood along with her husband, who holds a Master's degree in Industrial Safety and Security.