You may not be aware of it, but your business is constantly under attack. From hackers trying to get into your website, email or social media profiles, there are always scripts and programs running looking for vulnerabilities to expose and exploit.
Not everyone pays attention to this and it’s usually after being hacked that they realize how important data security is. While a security specialist is nice, it’s not something that every business can afford. But, that doesn’t mean your security needs to be at risk.
We recently spoke to several business leaders to get their suggestions related to improving work place data security. As you will see, there are many things you can do to help secure your information and protect your valuable data from hackers and cyber criminals.
1. Use https for all email communication.
“Your website should already be using https protocol, but in the event that you aren’t this gives you even more reason to switch over. It only takes a little while and the cost is minimal. Not only do you want to encrypt the data your website visitors send through your site, but you also want to encrypt all of your email communication that uses your domain extension.
All you have to do to get this setup is contact your hosting provider and tell them you want to switch to https and have an SSL certificate installed. Many hosting packages come with this at no additional cost. Others will run you between $20 and $100 annually.” – Christopher Kerr, VP Marketing at Earnhardt Lexus
2. Keep all company data backed up in one location.
“If you have documents and data scattered around and stored in multiple locations, like computers, external hard drives and cloud services you open up the possibilities to a data leak. When everything is in one central secure location it only gives hackers one location.
The key is to use a reputable service, like Dropbox to keep everything stored. Limit access and make sure you also use a very difficult password that is not used anywhere else and also enable two-factor authentication. Make it very difficult to gain access.” – Ignacio Soria, CEO of Cann & Co.
3. Use a dedicated server for your website.
“Shared web hosting might be much cheaper, but you also share a server with multiple, if not hundreds, of other websites. One bad neighbor and it can spell data security disaster for your business. The only way you are going to have full control over who accesses the server is by using a dedicated one, which only houses your website.
You can get a fully managed dedicated server for around $200 a month. That is an expense that no business should turn their head at, especially if they are storing customer data. The small monthly expense is nothing compared to what a lawsuit could cost in the event you are hacked and data is compromised.” – Pat Skinner of AnswerFirst
4. Keep all applications and software updated.
“One of the most common ways hackers get into your accounts is by exposing a vulnerable access point. Most software and app developers are constantly testing for bugs and when they do find something that needs attention the roll out updates.
If you are running several WordPress plugins make sure to login every other day to see if there are updates. Same applies to any software or apps you use. If they offer automatic updates, enable that functionality. You always want to be running the newest versions incase a weak point has been identified and exposed.” – Hyung Park, President of Abraham Lincoln University
5. Train your staff on the latest security news and best practices.
“There is always news and information about the latest security news and what best practices should be applied. When you see these, make sure to share them with your team. Require your team leaders to have everyone read and then sign off on any important news that applies to them.
This can be anything from news and updates related to the software or operating systems they use daily, or simple best practices to avoid email phishing attempts. By requiring all employees to sign off it will make them pay more attention to the material.” – Tad Thomas, Managing Partner of Thomas Law Offices
6. Set up the highest level spam guard protection on your email server.
“Most servers have a spam application built in, and while they can be very good at blocking common spam, which often includes phishing and hacking scams, most come pre-set at a low level default setting.
cPannel for example has SpamAssassin, which is great, but it comes set at a low level. You have to login to your cPannel account and manually change the settings. For businesses that reply mostly on internal email from and to the same domain, go for the highest setting. Also, if you whitelist domains manually the highest setting is best. While it may block free emails like Yahoo and Gmail, it is the most secure spam setting.” – Chris Moberg, President of Slumber Search
7. Keep personal and business email separate.
“It’s a good idea to make it a policy that employees cannot use their work email for personal needs. For example, if they sign up for Netflix using the company email and they fall victim to a phishing scam the hackers could then send an email internally pretending to be that employee, and gain access to important data or information.
The best policy is a ‘no personal use’ for the company email addresses. The hackers and phishing emails are getting more complex, so it’s best to eliminate any possibility of that happening with this simple rule.” – Michael Herron, Law Offices of Michael R. Herron
8. Use a dedicated communication channel for all business chat and messaging.
“When communicating internally sometimes you have to share confidential or sensitive information. Rather than having this sent across text messages, email, Skype, WhatsApp, and other various chat apps, keep everything in one place.
When you have everything on one Trello board or one Slack channel, you are able to limit exposure and vulnerability. You just want to take measures to ensure your password is impossible to guess and a second authentication is required to login.” – Paul Kelly, 247 CCTV Security Ltd
9. Establish high password strength policies.
“Many programs now require passwords to meet certain levels of difficulty before they can be set. If they don’t, then you need a policy that requires difficult passwords. For example, 12 or more characters, two capital letters, three numbers, and three special characters.
You also want to make sure employees don’t store them on their personal computers or mobile devices. You want to keep all information like that in the office. When you allow it to exist outside of the office walls you are asking for trouble.” – Chad Gaynier of Clarity Clinic
10. Block internet browsing outside of approved websites.
“There are so many viruses online and the hackers place them on popular websites in order to infect the most devices. Not all show up right away also. Some will wait weeks or even months before they strike. They do this to throw the user off and to also spy and collect data.
New viruses are advanced and they will collect data and look for valuable information, like passwords, bank and financial data, or ways to gain access to consumer data. The easiest way to prevent this is by blocking casual or recreational browsing on company computers. If an employee is on a break, let them use their mobile device to access social media and the internet. The work computer isn’t the place for that.” – Christopher Dziak, CEO of Pure Nootropics