The Simple Keys to Business IT Security
It seems that not a week goes by without a national news story about another high-profile hack on a major US company or governmental agency. These victims are at risk of losing trade secrets, financial information and personally identifiable information of customers and employees. Billions of dollars of credit card fraud and identity theft losses occur every year. The stakes have never been higher. No security system will ever be completely bullet-proof against hackers, but every business must be vigilant about its security, or risk loss of reputation and financial devastation.
Large business enterprises may have IT staff dedicated to security, who deploy and maintain firewalls and intrusion detection systems, create and enforce security policies and test their networks with penetration tests. Most small businesses, however, do not have the resources for such measures. Yet all is not lost.
Most hacks are not as dramatic and complicated as the ones you see depicted in movies or on TV. Hackers don’t often carry out a complicated attack. They look for “low-hanging fruit,” or the easy way into your network. Most hacks hit “targets of opportunity” with specific vulnerabilities that the hackers know how to exploit. They attempt to compromise many targets at once, like walking down the street and jiggling doorknobs, looking for a door that is unlocked. If your door is locked, they will move on to the next door.
A few easy-to-use tools and security techniques can protect against the vast majority of hacker attacks. The most common tools in a hacker’s tool kit are viruses or malware and social engineering. These tools can destroy data, deliver your data to the hacker or open a gaping hole in your network, which they can use later to further exploit your systems.
The two most essential components of security are actually among the cheapest to implement. They are virus protection and email security. Virus protection is the most basic and easiest to implement. Off-the-shelf commercial virus protection software works quite well these days. You can buy it at stores like Office Depot at a good price. Once it is installed on your computers and other devices, be sure that it is set to self-update its virus signatures on a daily basis.
Every business, from a sole proprietorship to the largest enterprise, needs an email security policy to protect against malware or social engineering, which tricks users into revealing sensitive information. Here is a checklist of common-sense email rules to live by:
- Use strong email passwords. Make passwords at least 9 characters long, with a mix of upper and lower case letters, numbers and special characters. Avoid words found in dictionaries, names of pets or family, or dates like birthdays or anniversaries. Require password changes on a regular basis and do not reuse passwords.
- Do not open attached files that you were not expecting to receive. Most people wouldn’t open a file from a stranger, but they make the mistake of opening an infected file that came from someone they trust who was hacked themselves. It could also have come from a “spoofed” email address, used by a hacker pretending to be someone else. If you receive an unexpected file, contact the sender, by phone if possible, and ask about the nature of the attachment.
- Only use company email addresses to conduct company business. Besides being more professional, an address at a company domain may give the company greater control over adherence to security policies and virus protection.
- Don’t click on any link in email that asks you to verify passwords, banking information or other sensitive information, no matter what the website. To visit that website, type the address directly into a web browser instead.
Follow these simple rules and chances are that you will avoid the vast majority of hacker attempts. And remember, an ounce of common-sense prevention is worth a pound of cure.