We are so far into the internet age that it is hardly worth mentioning. However, this doesn't mean that internet security no longer needs to be taken seriously. Just as the capabilities and scope of the internet has grown exponentially, so have the threats associated with it. While internet security suites and user awareness continue to improve, crackers and those who aim to undermine internet security continue to adapt. Any business must maintain a secure environment to avoid compromising pertinent information and debilitating cyber-attacks.
1: Advise Your Employees on Safe Internet Conduct
As scary as many viruses are, they cannot materialize onto your systems out of thin air. Some user input is required. This means an attachment must be downloaded, a URL must be clicked, or an infected system is allowed to connect to the network.
Employees should be instructed not to download attachments that are not expressly work related and to avoid trafficking or surfing websites, as even reputable sights can be infected with malware that takes advantage of web browser exploits to deliver a harmful script without direct action by a user. Peer-to-peer technologies, such as filesharing software and torrent clients should also be avoided; both because of security threats and the illegal activity that can be traced by your ISP to you business.
E-mail shouldn't be used to store or communicate secure information, as both the mail server and commercial software are susceptible to exploits, unauthorized access, and phishing. The NST Guidelines on Electronic Mail Security is available online.
2: Be Wary of Social Engineering
While many scams are obvious, a clever social engineer may be able to figure out information by posing as an employee. Maintaining a company policy to insist on verification or manager approval before giving out password or security information, even to someone claiming to be an employee working from home or some other concocted story.
3: Maintain Security Options
Malware in your system can be catastrophic – they have been developed to the point that they exhibit decentralized control, ability access to data, take up network resources, distribute spam, take over accounts, self-replicate and defend. It is much easier to prevent an outbreak than to rout it and clean up after it. Anti-virus systems (a comparison of popular small business options can be found here) and firewalls should always be updated and enabled. An anti-spyware program, such as Spybot, can also help keep information safe. Filters for web access and email can also be effective, but must be constantly updated and even then they usually don't offer real time protection.
A common misconception is that Apple computers do not need the same security options as other operating systems. This is becoming less true as the products become a larger proportion of personal and commercial computer use and therefore more attractive targets for malware developers. Having security software in place and keeping your system updated are important steps in keeping your business secure online.
4: Password Security
Many security breaches happen because of poor password choices. The most common mistakes in password security are using easily discoverable personal information as passwords, having the same password for multiple types of accounts, and setting your password as “password.” A secure password should use capitalization and numbers to make it harder to guess, and should be changed on a regular basis. Employees should be instructed to change their password on a regular basis, such as every few months. One way to do this is to have a “base” password that the employee comes up with and randomly assign a number to go at the end of it. Passwords should never be written down or exchanged over email.
5: Back-up Data
Most malware has the potential to delete data or render it inaccessible. For this reason, important company information should be backed-up on an offline server. Of course, this carries its own security risks and should be kept in a safe location with limited physical and digital access.
