How To Keep Your Business Secured Online?
I'm in the security field, where we have to keep many, many businesses safe online, day in, day out, 24 hours a day. It's obviously really, really important to make sure your business is safe online. There are lots of free tools and utilities out there that can help you keep things safe. As the old adage goes, if you can't afford an expensive tool, wait until you see how much a cheap tool will cost you. It can impact your business greatly. We see it all the time, where people don't have tools in place to keep their business safe.
Here are a few things you need to make sure you have as an absolute minimum:
For any of your workstations, have a business-grade anti-virus. It should be costing you around 100 dollars a year per workstation. If you're paying less than that, you're probably getting less than what you want.
With any of your emails, make sure they are protected with what's called an inbound/outbound spam host, or inbound/outbound security filter. When someone sends you an email, this is a little man-in-the-middle thing that receives the email, looks through it and goes, "Okay. Yep. That doesn't look like spam and it doesn't look like it has a virus." Then it sends it on its way to you.
Now, it's just a stop-gap measure. Like most things with security, you're fighting the bad guys. Sometimes they're winning, sometimes we're winning, sometimes it looks like no one's winning. You just want to make sure you have as many measures in place as you can. Having external spam filtering, before email hits your servers, is a very, very smart idea.
If you have an online web presence, where you have a website, especially an eCommerce site where you're bringing in revenue, you need to make sure that you keep the site up to date. There are a lot of website platforms out there, such as Joomla, Drupal, WordPress, and many others. They have many security updates that come out.
Business owners aren't told, when they get these websites developed, that they need to keep them up to date, patched and backed up. If you don't do this, you're opening up many doors to unwanted visitors. If it's a site you derive an income from, these unwanted visitors can come in and potentially have that money diverted off to them.
Even if it's not an eCommerce site, you can have problems where these people will come in and deface your website, and then pass traffic through your site. They send out a lot of spam, not just to the people that you know, but to tens of thousands of people every hour, asking them to come to your website and reset a password, where your website may have been changed to look like a major bank, or PayPal, or something like that. People will come there and type in their details, and these could then be stored within your hosting account.
That is a big problem. It means that you, by being negligent about keeping your website secure, have aided in fraudulent activity. That's very bad. That is incredibly bad news. If financial details are being taken from unsuspecting people on your site, even if it's only through your negligence, you can be fined and have your website taken down with a cease and desist, and server hardware can even be confiscated. You want to make sure your website stays very secure.
This next one isn't as much about security as it is about disaster recovery. If something does go wrong, you should have your emails backed up. You should have them backed up in the cloud, and you should also have them backed up locally. You should also have your workstations backed up. All these things will aid in faster recovery for you if something does go wrong. Data recovery can cost thousands of dollars per computer through any of the major data recovery outlets. If you don't want to be spending that sort of money, or suffering that amount of downtime, it's very, very good to make sure that you have a backup: not just of some files, but an automated backup with a service provider that monitors and verifies the integrity of the data.
The People Bits
That covers off most of the different things that you should have in place. Now it comes down to the knowledge that you need to have when visiting different websites. Most of the time, people have a password that's rather easy. That's good news for hackers. A password for an operating system like Windows XP or Windows 7 (I know that's getting a bit older now) can be cracked in as little as 9 to 12 minutes, if it's 8 characters and it's just dictionary words. If you have something that has a special character in it, like an exclamation mark, or other characters, you're able to increase the time it takes to be hacked significantly.
I say increase the time because there's no way to really stop someone hacking you completely. Big companies like Sony and eBay have been hacked. These guys have fantastic security. As I said before, it's all a cat and mouse game of who is in front with what they're doing. Make sure that you're able to be in front of everyone else by having a really difficult password. This is the same for your Wi-Fi. If you have Wi-Fi, you want to make sure you have a very difficult password. If it's easy, people will break into it. If it's hard, you can increase the time from five or six minutes with a poorly encrypted WEP connection, to upwards of 24 to 48 hours or more for a better encrypted WPA2 connection.
Now that might not mean much to you, but get your local IT company to make sure it's nice and secure, where no one's going to be jumping in. If it's going to take two days to break in and use your internet, no standard person's going to do that.
If you've got online cloud-based applications that are paramount to the success of your business, it's very sensible to implement what's called 2FA, that's 2-Factor Authentication. 2-Factor Authentication will keep you secure. It's two different things that need to be factored in when you're authenticating. That means, instead of just your username and a password that you remember, there needs to be an extra device. Nowadays that normally comes in the form of a mobile phone. In the past, there have been other things, such as hardware tokens where you press a button and it comes up with a number, and there are many other ways that you can have a second device authenticate. Having 2-Factor Authentication means that the hacker would need to have access to your phone, as well as access to that password. Most of the time it's unlikely that that's going to happen.
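
To show where the number on a phone app or hardware token comes from, here is an added example (not from the original article) of the time-based one-time password scheme from RFC 6238, together with a login check that requires both factors. The 30-second step, 6-digit length and the verify_login helper are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # assumed time step (the RFC 6238 default)
DIGITS = 6          # assumed code length


def totp(secret: bytes, unix_time: int) -> str:
    """Return the code the phone app or token displays at unix_time."""
    counter = max(0, unix_time) // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as defined in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_login(password_ok: bool, secret: bytes, submitted: str,
                 unix_time: int, drift_steps: int = 1) -> bool:
    """Hypothetical server-side check: the password AND a current code."""
    if not password_ok:
        return False  # a valid code never replaces the first factor
    matched = False
    # Accept the neighbouring time steps to tolerate clock drift.
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + step * STEP_SECONDS)
        # Constant-time comparison, and no early exit from the loop.
        matched |= hmac.compare_digest(expected.encode(), submitted.encode())
    return matched


if __name__ == "__main__":
    shared_secret = b"12345678901234567890"  # RFC 6238 test secret
    print(totp(shared_secret, 59))
    print(verify_login(True, shared_secret, "287082", 59))
```

The secret is shared once between the service and the device at enrolment, which is why a stolen password alone is not enough. A production verifier would also reject a code that has already been used.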
If you are running a very secure practice, where it is business or you're dealing with other people's usernames and passwords, possibly even credit card information, that is when it is very important that you don't just think of it as an option. It is a must. You definitely need to have 2-Factor Authentication.
You should also be doing something called IP whitelisting and blacklisting. What that does is protect you by restricting your connection to talking only to certain devices. If you've got a cloud-based application that's running your business, and you do what's called IP whitelisting, you can say to that application: only this connection at my business address (and maybe, if you're doing after-hours work at home, at my home address) can access this cloud-based application.
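
The whitelisting rule described above, as an added example (not from the original article): a default-deny check that admits only an office range and one home address, run over a few sample requests. The addresses, user names and function names are constructed for illustration and use the reserved documentation ranges.

```python
import ipaddress

# Constructed sample values from the reserved documentation ranges.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/28"),   # hypothetical office range
    ipaddress.ip_network("198.51.100.7/32"),  # hypothetical home address
]

# Constructed (user, source address) pairs as an application might log them.
SAMPLE_REQUESTS = [
    ("alice", "203.0.113.5"),         # office
    ("alice", "198.51.100.7"),        # home
    ("alice", "::ffff:203.0.113.9"),  # office, seen on a dual-stack listener
    ("alice", "203.0.113.77"),        # same provider, outside the office /28
    ("bob", "192.0.2.44"),            # unknown location
    ("bob", "not-an-ip"),             # malformed value
]


def is_allowed(client_ip: str, allowed=ALLOWED_NETWORKS) -> bool:
    """Default deny: only addresses inside a listed network get through."""
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return False  # anything that does not parse is refused
    # Dual-stack servers can report IPv4 clients as ::ffff:a.b.c.d;
    # unwrap these so they match the IPv4 entries.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in allowed)


def denied_requests(requests):
    """Return the requests the whitelist would refuse, for review."""
    return [(user, ip) for user, ip in requests if not is_allowed(ip)]


if __name__ == "__main__":
    for user, ip in denied_requests(SAMPLE_REQUESTS):
        print(f"DENY {user} from {ip}")
```

Home connections often have addresses that change, so the home entry needs updating when it does.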
IP whitelisting is kind of like making a tunnel with a cord straight from the cloud-based application to your home, and straight from your office to the cloud-based application, so that the hackers can't as easily intercept the data. Another thing that you can put on top of that is a VPN, which is a virtual private network. This means that all the data that you're transferring online is encrypted and stays completely away from prying eyes or anyone that might be listening in to what you're doing.
In closing, make sure to have fantastic corporate or high-end business-grade anti-virus and anti-malware software on any of your devices. Make sure that you're using a difficult password, with multiple ways that it has to be authenticated. For any data that's being transmitted over the internet, it is sensible to make sure it goes through a VPN, which might be locked down to just your business location for access. Hope you had some fun with this. If you have any questions, make sure to let us know.