We all use data and we all need to store it securely. As someone who runs a website I can tell you personally how important this has become. Below are 5 quick tips from a security expert to keep you and your data safe.
-Anna
Data theft: the big risks for small businesses
The security of company data is set to be one of the most debated issues in 2015 for businesses of all sizes, having been steadily increasing in intensity in recent years. Last year was not a good one for online security and it has already been dubbed by experts as another year of the hack.
At the beginning of 2014 online consumers were still reeling from the Snowden leaks and the threat of rogue employees and the huge cyber-attack on US retailer Target when in April, the Heartbleed bug reared its head and sent shivers down the spine of just about everyone who has ever bought anything online.
Then eBay was hit when some 233m items of personal information was stolen; Domino’s Pizza faced a $40,000 ransom (£24,000) demand after it lost 600,000 customer records; Apple’s iCloud famously suffered at the hands of passwords that were too easy to guess; Home Depot lost some 56m customers’ payment details; Snapchat lost 100,000 photos; and of course the massive hack of Sony Pictures by a group of former employees that led to an FBI investigation and public statements from US President Barack Obama.
The cost of major data breaches can be staggering and particularly if clients lose trust in their suppliers. Lost data can easily lead to lost contracts and even law suits. For small businesses this of course can be catastrophic. Online security could find itself a key differentiator in 2015/16 but what steps should small businesses take?
1. Protect your hardware
The physical theft of computer hardware remains one of the most common ways of losing company data. Sure your insurance will cover the cost of missing PCs and external drives but what about the lost work, the lost recovery time, the loss of reputation and the lost un-submitted work, email histories or key data that you have underway? Make sure that every precaution is taken to secure your equipment at night and if you leave equipment in an office overnight make sure it is fitted with a Kensington lock and cable. Think like a thief and examine any weaknesses you might have in your office. If you absolutely have to leave a laptop in your car, consider a car safe in the boot or even a persistent security solution to track stolen laptops and PCs. Don’t make your car a target – leaving hardware on display i.e. sitting on back seat, advertises it to thieves. Be particularly careful in carparks, service stations etc. Car insurance doesn’t usually cover theft of property.
2. Encrypt everything
Adopt an ‘encrypt-everything’ approach to your life from your phone, tablet, laptop, PC, email, USB and browser (thank you https). You can explore a Virtual Private Network (VPN) if you want to be extra safe online. If you do not already use a dedicated password manager consider trying some out as they are commonly the best way to handle multiple passwords that are difficult to crack and to keep them all safe by storing them remotely and not locally. You probably use a password on your PC, have you got one on your smartphone as well?
3. Avoid FTP
File Transfer Protocol (FTP) has come a long way and it is very unlikely you would come across unsecured FTP anymore but there are still many businesses now who refuse to use the modern SSL-encrypted FTPS. FTP has never really been considered all that safe and today you would not even consider transferring unencrypted passwords, opening up your server or PC to an outside source or moving usernames in clear text. If you know you will need to use FTPS, perhaps for website maintenance, do your research. There are a lot of FTP programs and sites so make sure you using a service you are confident with.
4. Get smart with your back-ups
Everyone knows to back up their work, you learn it pretty quickly if you have ever lost a day’s work due to a file corruption or a power cut. Backing up your work properly however, especially if you are holding critical company data, really needs something off-site. Too many people still use an external hard drive sitting next to their PC, to save everything. Great if your PC gets a virus, not so great if you get robbed. Using an online file hosting service like Dropbox, which itself has fallen foul of email phishing scams, for sharing and moving files around is generally fine for mobility but you should never rely on one location for holding all of your important files such as thousands of client emails. Using a specific managed email service really is the only way to safely back up emails and ensure nothing gets lost.
5. Beware the humble flash drive
They come in all shapes and sizes but unless they are encrypted, it is best to restrict the use of portable memory sticks such as: USBs, CDs, DVDs and SD cards. Lost memory sticks can cause a lot of embarrassment and can lose customers. If you are moving data outside of the office, you really need to make sure they do not contain anything business critical. USB firmware has also been proven to be susceptible to malware so are really best used but not relied on for anything important.
Finally, if you are the victim of a cyber-attack or even suspect you may have been, always report it to the police at Action Fraud, as well as to your customers.
Comments
comments
