This article has been written by Aden Ottewill. Aden is the Managing Director of Prodigy IT Solutions, a Dorset-based managed service provider. With over 18 years working in the IT industry, he’s provided support to hundreds of businesses, and has seen some breath-taking security breaches. Although the Prodigy team now do the fixing, he’s passionate about making sure local businesses don’t fall foul of cybercrime!
Digital security can feel like a bit of a headache. There’s so much information out there, and it can be difficult to filter out what you need to look at first. We’ve divided the following list of 12 practical considerations into categories of ‘The Basics’, ‘We Recommend’, and ‘High Security’ to make thinking about what your business needs a lot simpler.
- Password security
- Anti-virus & malware/spyware protection
- Network & WIFI security
- Internet Filtering
- Advanced Email Security
- Multi-factor authentication
- Print cards
- Screen auto-lock
- Categorising documents
PASSWORD SECURITY
In all the years we’ve been providing IT support, there’s not been a single week we can think of where we haven’t had to gently point out to someone that ‘password’ isn’t a very good password. It’s important to have strong passwords to ensure it’s as hard as possible for someone to gain access to your systems.
- Use random words, numbers, a combination of uppercase and lowercase letters, and a random character, e.g. an exclamation mark. Keep the numbers separate, and not as substitutes for the letters – passwords which are a combination of words and numbers, such as FrogWindow32, are harder to hack than Fr0gW1nd0w. Also, avoid personal information such as children’s names.
- Use a separate password for each account – It’s recommended that you use a different password for every single account you have. This is to stop a data breach at a less secure account (e.g. a forum you may be part of) giving cyber criminals access to things such as your email, which can then be used to gain access to other accounts. If the thought of remembering so many passwords fills you with dread, there are password management tools that can help take the pain away by saving them all securely, so you don’t have to enter them each time you go to log in. As the absolute bare minimum, even if you do use the same password repeatedly, you should have a unique one for email accounts.
- Don’t write it down – It was once advised that you change your passwords regularly, but new official advice says it’s better to keep the same password and remember it than it is to change it regularly and write it down to avoid confusion. If you need to keep a record of your passwords, using a password management tool is advisable.
ANTI VIRUS AND MALWARE PROTECTION
Choosing a good anti-virus is important as a line of defence against viruses which could lead to data theft. We recommend ESET to all our customers, and we use it ourselves, but whichever antivirus you’re thinking of using, it’s important to consider the following:
- How often does it update?
- How easy is it to use?
- How much does it affect the running of the rest of your computer?
A firewall acts as a barrier between a trusted and untrusted network. A firewall can be a piece of software (Windows Operating Systems come with a built-in Firewall which is switched on by default) but can also be a bit of hardware such as a router. If you work in an office environment with more than one computer, it’s advisable to have a router to protect the network, but also have firewalls switched on every computer to help protect against the spread of a virus if it does gain access to your network.
NETWORK AND WIFI SECURITY
If people come to your business and need to use your WIFI to connect their own devices – maybe someone is attending a meeting, or a customer wants to show you something they’ve found online on their phone or tablet – it’s advisable that you have a separate WIFI login for them. This protects your network against being compromised if their device has a virus, due to their security settings and practices not being as robust as yours.
We mention this a lot, but selecting ‘remind me tomorrow’ every time you are prompted to carry out updates, for a prolonged period, is leaving you open to a security breach. Software updates often contain security ‘patches’, which means the software provider has been made aware of a potential security flaw in their product, and the only way they can fix it for every single one of their end users is by providing an update. By not actioning updates, you are leaving your network vulnerable to threats that may gain access via the security flaw which you have not yet fixed.
Everything mentioned in the basics, as well as the following:
Encryption sounds like it might be something at the disposal of an MI5 agent, but it’s a useful tool for everyone when it comes to protecting data. Encryption is a way of encoding information so that only people who are authorised can access the data and those who aren’t cannot. There are lots of different ways to encrypt things, and you can encrypt your machine, server, specific documents, and even emails. If your laptop was stolen, for example, and it had sensitive information stored on it, the person stealing it would not be able to access the information without the encryption key, provided the machine was encrypted.
INTERNET FILTERING
The term internet filtering normally conjures up an image of blocking social media or other sites which tend to hamper productivity. Whilst this can be done, internet filtering is also a way to flag up sites which may be compromised by a virus. Sometimes these sites can be legitimate sites which have been subject to an attack themselves. This once happened to AA, whose site contracted a virus, which led to customers downloading harmful content to their own devices. Internet filtering guards against this, as it checks the websites you and your colleagues visit in real time, so it will even let you know if a legitimate site which you use all the time could be harmful if it detects malicious content.
ADVANCED EMAIL SECURITY
Whilst some emails are easy to recognise as phishing scams (attempts to get you to click on a link and give information – usually financial details), others aren’t so easy, and cybercriminals have got good at making harmful emails and attachments look legitimate. This can cause worry for anyone, as even with a large amount of training there is still the potential for colleagues to fall victim to an attempt at gaining access to your whole system, which could cost your business time and money. Although no protection can claim to be 100% effective, advanced anti-spam and email security software such as Barracuda, which we use, makes attachments safe before they reach your inbox and checks links in real time, vastly reducing the capacity for human error.
MULTI-FACTOR AUTHENTICATION
You may have also heard of ‘two-step authentication’ or 2FA. This is a way of verifying that you’re you when you log into something. This can take different forms, but usually, you’ll have to enter your username and password followed by a PIN sent to another device. In the event of a brute force hack (where the hacker has your username and uses software to guess your password), it is much harder for a cybercriminal to gain access if they need a third piece of information.
PRINT CARDS
People are often surprised when we mention print cards because printing is such an automatic part of daily working life. Does your accounts department print invoices? Do you need to print a copy of a confidential resignation letter? Between sending these documents to print and collecting them from the printer, your phone could have rung, a co-worker could have stopped for a chat, you might need to nip to the loo. This gives anyone else in the office an opportunity to read the confidential documents you have printed, fresh from the printer tray. With a printer card, you press print, but your documents are only printed once you’re at the printer yourself – thus avoiding any unwanted eyes.
SCREEN AUTO-LOCK
This one is on a similar principle to the idea of print cards. When you leave your computer, the chances are you have programmes and documents open that you wouldn’t want someone else to tamper with, even if someone just wanted to play a prank and send a daft email to a colleague from your account. You can set a timer on the screen, so it automatically locks when the user has been inactive for a few minutes, but there are also other more technical solutions which allow the screen to turn off as soon as you leave your workstation.
CATEGORISING DOCUMENTS
There are ways to have a greater level of control when it comes to access to and the sharing of data by categorising documents and placing restrictions on those categories.
For example, you might have some spreadsheets that include confidential data which certain colleagues need to be able to see, but that you don’t want them printing or emailing to anyone else. You could create a ‘restricted data’ category with restrictions around emailing and printing so every time you send that document, you know that the people you are sending it to are unable to share it. You might immediately think ‘my colleagues wouldn’t do that maliciously!’ and we’re not suggesting that they would, but it’s easy to print something out and leave it lying around without even thinking.