How To Keep Your Business Secured Online?
I'm in the security field, where we have to keep many, many businesses safe online, day in, day out, 24 hours a day. It's obviously a really, really important idea to make sure your business is safe online. There are lots of free tools and utilities out there that can help you keep things safe. As the old adage goes, "If you can't afford an expensive tool, wait until you see how much a cheap tool will cost you." It can impact your business greatly. We see it all the time, where people don't have tools in place to keep their business safe.
Here are a few things you need to make sure you have as an absolute minimum:
On every one of your workstations, have a business-grade anti-virus. It should be costing you around 100 dollars a year per workstation. If you're paying less than that, you're probably getting less than what you want. With any of your emails, make sure they are protected with what's called an inbound/outbound spam host, or inbound/outbound security filter. What this does, when someone sends you an email, is act as a little man-in-the-middle that receives the email, looks through it and goes, "Okay. Yep. That doesn't look like spam and it doesn't look like it has a virus." Then it sends it on its way to you.
Now, it's just a stop-gap measure. Like most things with security, you're fighting the bad guys. Sometimes they're winning, sometimes we're winning, sometimes it looks like no one's winning. You just want to make sure you have as many measures in place as you can. Having external spam filtering, before email hits your servers, is a very, very smart idea. If you have an online web presence, where you have a website, especially an eCommerce site where you're bringing in revenue, you need to make sure that you keep the site up to date. There are a lot of website platforms out there, such as Joomla, Drupal, WordPress, and many others. They have many security updates that come out.
Update Your Website
Business owners aren't told, when they get these websites developed, that they need to keep them up to date, patched and backed up. If you don't do this, you're opening up many doors to unwanted visitors. If it's a site you are deriving an income from, these unwanted visitors can come in and potentially divert that money off to themselves.
Even if it's not an eCommerce site, you can have problems where these people deface your website, send out a lot of spam, and then pass the traffic through your site. This spam could reach not just the people that you know, but tens of thousands of people every hour. It could ask them to come to your website and reset a password, where your website may have been changed to look like a major bank. They'll come there and type in their details, and these could then be stored within your hosting account.
That is a big problem. It means that you, by being negligent about keeping your website secure, have aided in fraudulent activity. That's very bad. That is incredibly bad news. If financial details are being taken from unsuspecting people on your site, even if it's only through your negligence, you can be fined, be served a cease and desist, have your website taken down, and even have server hardware confiscated. You want to make sure your website stays very secure.
Backup Your Important Documents
This next one isn't as much about security as it is about disaster recovery. In case something does go wrong, you should be having your emails backed up. You should be having them backed up in the cloud and you should also have them backed up locally. You should also have your workstations backed up. All these things will aid in faster recovery for you if something does go wrong. Data recovery can cost thousands of dollars per computer through any of the major data recovery outlets. If you don't want to be spending that sort of money and suffering that amount of downtime, it's very, very good to make sure that you have a backup, not just of some files, but an automated backup with a service provider that monitors and verifies the integrity of the data.
Have Strong Passwords
Most of the time, people have a password that's rather easy. That's good news for hackers. A password, if they wanted to get into an operating system like Windows XP or Windows 7 (I know that's getting a bit older now), can be cracked in as quick as 9 to 12 minutes, if it's 8 characters and it's just dictionary words. If you have something that has a special character in it, like an exclamation mark, or other characters, you're able to increase the time it takes to be hacked significantly. I say increase the time because there's no way to really stop someone hacking you completely. Big companies like Sony and eBay have been hacked. It's all a cat and mouse game of who is in front with what they're doing. Make sure that you're able to be in front of everyone else by having a really difficult password.
Don't Forget About WiFi Security
This is the same for your Wi-Fi. If you have Wi-Fi, you want to make sure you have a very difficult password. If it's easy, people will break into it. If it's hard, you can increase the time from five or six minutes with a poorly encrypted WEP connection, upwards of 24 to 48 hours or more for a better-encrypted WPA2 connection. Now that might not mean much to you, but get your local IT company to make sure it's nice and secure, where no one's going to be jumping in. If it's going to take two days to break in and use your internet, no standard person's going to do that.
You Need Cloud Security Too
If you've got online cloud-based applications that are paramount to the success of your business, it's very sensible to implement and use 2-Factor Authentication. 2-Factor Authentication will keep you secure. It's two different things that need to be factored in when you're authenticating. That means, instead of just your username and a password that you remember, there needs to be an extra device. Normally nowadays that comes in the way of a mobile phone. In the past, there have been other things, such as hardware tokens where you press a button and a number comes up on it, and there are many other ways that you can have a second device authenticate. Having 2-Factor Authentication means that the hacker would need to have access to your phone, as well as access to that password. Most of the time it's unlikely that that's going to happen.
If you are running a very secure practice for your business, or you're dealing with other people's usernames and passwords, possibly even credit card information, that is when it is very important that you don't just think of it as an option. It is a must. You definitely need to have 2-Factor Authentication.
IP Whitelisting and Blacklisting
You should also be doing something which is called IP whitelisting and blacklisting. What that does is protect you by restricting your connection to only talking to certain devices. If you've got a cloud-based application that's running your business, and you do what's called IP whitelisting, you can say to that application: only this connection at my business address (and maybe the one at home, if you're doing after-hours work) can access this cloud-based application. This is kind of like running a cord straight from the cloud-based application to your home, and straight from your office to the cloud-based application, so that the hackers can't as easily intercept the data.
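A sketch of the check an application performs when IP whitelisting and blacklisting are switched on, as an added example that is not part of the original article. The address ranges are constructed from documentation-only blocks, and the list and function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample policy using documentation-only address ranges.
ALLOW = [
    "203.0.113.10/32",     # office static address (assumed)
    "198.51.100.0/28",     # after-hours home range (assumed)
    "2001:db8:50::/48",    # office IPv6 prefix (assumed)
]
BLOCK = [
    "198.51.100.7/32",     # one address inside the home range that is refused
]


def _nets(entries):
    # strict=True rejects typos such as 203.0.113.10/24 (host bits set)
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def is_allowed(peer: str, allow=ALLOW, block=BLOCK) -> bool:
    """Default-deny decision for the address of the connecting peer.

    Pass the address taken from the TCP connection itself. A header such as
    X-Forwarded-For is client-supplied unless your own proxy overwrites it.
    """
    try:
        addr = ipaddress.ip_address(peer.strip())
    except ValueError:
        return False                       # anything unparseable is refused
    # On dual-stack sockets 203.0.113.10 can show up as ::ffff:203.0.113.10.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if any(addr in net for net in _nets(block)):
        return False                       # blacklist wins over whitelist
    return any(addr in net for net in _nets(allow))


if __name__ == "__main__":
    for peer in ["203.0.113.10", "::ffff:203.0.113.10", "198.51.100.3",
                 "198.51.100.7", "192.0.2.44", "not-an-ip"]:
        print(f"{peer:22} {'allow' if is_allowed(peer) else 'deny'}")
```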
Virtual Private Network
Another thing that you can put on top of that is a VPN, which is a virtual private network. This means that all the data that you're transferring online is encrypted and stays completely away from prying eyes or anyone that might be listening in to what you're doing.
The Final Word
In closing, make sure to have fantastic corporate or high-end business-grade anti-virus and anti-malware software on all of your devices. Make sure that you're using a difficult password, with multiple ways that it has to be authenticated. For any data that's being transmitted over the internet, it is sensible to make sure it goes through a VPN, which might be locked down to just your business location for access. If you have any questions, make sure to let us know.