It’s a wild, wild web out there, and we’re learning just how wild it can be every day with news of data security breaches from places where we should feel secure, like partners in Apple Pay, Apple’s new payment technology, Google’s Gmail, and more. However, data security is a practice that everyday users who should know better let fall by the wayside. Whether you’re using a smartphone, tablet, laptop, or desktop, on a public Wi-Fi network or at the office on a “secure” connection, security practices need to be concrete policy in order to work. The FCC advises that a business pay attention to 10 different areas to ensure its digital assets are well covered.
1. Create individual user accounts for each person on the system and require strong passwords for network users. If it doesn’t score well on a password strength test, then you do not want it loose on the network. Requiring a password change every 30 to 60 days will annoy some of your employees, but will keep your network secure.
2. Enable multistep authentication where extra security is needed. Multistep authentication requires two sets of data input, such as a password plus a fingerprint or a password plus a piece of information only the user would know.
3. Use administrative tools to set policies and permissions for individual workstations or other company devices such as laptops, tablets, and smartphones. Limit the ability of employees to install software and access sensitive information.
4. Set cybersecurity and Internet use policies, train your employees in them, and set definitive penalties for breaking the rules. What they do on their own devices is their own business, but what they’re doing on your computers is quite literally your business.
5. Establish rules for handling customer data and how to protect your customers’ confidentiality. Be especially careful in the case of handling payments via credit cards, debit cards, and EBT cards. Choose only reputable processors and payment gateway providers for your business.
6. Keep your machines clean by installing a firewall on the network and installing a security suite such as Norton or McAfee on each computer to check for viruses, malware, spyware, or rootkits. Make sure that updates cannot be turned off, and that the user cannot turn off their security suite without an administrative password. Pop-up blockers are also an excellent tool for stopping malware before it can reach your computers.
7. Secure your Wi-Fi network by using WPA2 security, changing the SSID to something unique, and creating a strong password.
8. Make backups of important files and think about how protected you want them to be. Cloud storage with a high-security provider is one way, but a simple removable hard drive cage is a classic solution. Backing up the information and then removing the hard drive from the network cuts off access completely. Cloud resource availability is an important development in bringing affordable software and services to users and businesses of every size, but as with all rapidly expanding technology services, there are risks when security protocols are reactive instead of proactive.
9. Improperly secured mobile devices represent a huge potential hole in your security. Require users to password-protect their devices; you could also implement a secondary authentication method, such as a fingerprint scanner. Use mobile security suites and encrypt all information so that it can’t be read over a public network. Instant kill switches render the device useless in the case of it being lost or stolen.
10. Secure your communications by creating a VPN (virtual private network). This option is not just for laptops, but can also be created on Android and Apple phones and tablets. A VPN secures your Internet session, and the data you transmit—keeping it secret and keeping it safe.
The U.S. Chamber of Commerce also lists security resources that will help you to identify and remedy security concerns in your organization. However, hiring a security consultant is always a viable option for setting up a new and comprehensive program and policy. You may also wish to consider hiring a CIO or CTO (chief information/technology officer), an executive with a specialty in information handling and technology practices.