/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsChris Drake
BANGALORE, INDIA: True story: Visiting a client, I once came across a sales guy who had his access credentials taped to the palm-rest of his laptop. Worse still, the company’s entire customer information database was synced to that laptop. If he lost it (or if it was stolen) you can only imagine the consequences.
It’s a vision that has haunted me ever since. The responsibility of keeping your company’s data safe is one that’s shared by the whole team — and it’s something that should make them feel empowered. For companies that store data and/or transact business online, hacker prevention goes beyond having a secure web host. It’s a 24/7 job that requires good physical and virtual housekeeping from everyone.
Luckily, it’s not tedious, time consuming or boring. And it doesn’t require that you do a bag check on your employees each time they walk out the door. Here are five steps your team can take to ensure the company doesn’t fall prey to cyber criminals.
Mobile Security - It doesn’t matter if it’s a swanky, MacBook Pro toting executive or a lowly intern who has company email syncing to their phone, everyone is responsible for data security when working remotely.
Password protecting mobile devices and software is a ridiculously easy, yet commonly overlooked, step that can prevent a world of loss. A good rule of thumb is: If your employees work on it or and access it remotely, demand a password. That includes mobile phones and laptops, email accounts, VPN connections and SaaS programs that you use for business. Additionally, don’t store or “remember” passwords for critical services. Require that every employee manually type his or her credentials every time.
Also, while it’s convenient, resist the urge to use a shared wireless connection in a coffee shop or airport. You’re exponentially safer using a mobile wireless card or a secure VPN service when connecting to proprietary information.
Additionally, there are several Lojack-like software packages that can help locate, recover or delete misplaced and stolen laptops and mobile phones. And if your iPhone is stolen, you can wipe the email account using Exchange.
Destroy more than you retain - While many people believe they need to save everything and keep a paper trail, that’s rarely true. In fact, you probably only need a fraction of the data that’s cluttering up your system. Make it a point to routinely determine what to keep and what to toss. Here’s the plan:
-Retain only what you need, and keep it for the shortest period of time that makes sense
-Don’t store documents on your local machine, save them to the designated place within your company network.
-Don’t save old emails containing any confidential information, and don’t reply to or forward emails that contain confidential information without removing or encrypting the offensive data. This includes credit card numbers, social security numbers — and sometimes names and addresses, depending on the nature of the correspondence.
-Empty your trash! Shred any sensitive or confidential physical waste, but don’t forget to regularly empty your virtual trash bin (or recycle bin) too.
Patch, Upgrade, and Heed the Warnings - When software patches and browser updates come along, we’ve all been guilty of planning to do it later — then failing to do so. For too many people, it’s a habit — and a stupid one.
Updates are generally free and only take a few minutes to install. You should do so within a week of their release. Here are some of the commonly overlooked upgrades that can save your company from a cyber attack:
-Firewall updates
-Browser updates
-Web application updates (WordPress, Drupal, Joomla, et al)
-Operating System updates
-Virus signatures
As annoying as they are, don’t dismiss software update notifications. Keep those nagging, little reminders in plain site to you make sure to do it. After all, the squeaky wheel gets the grease.
Report Potential Security Breaches - Give your employees permission to be a tattletale. Reporting (or to give it a positive spin — “having an open discussion with a supervisor”) about insecure work conditions or habits should not carry a negative undertone. Let your employees know this, and remind them frequently.
If you think your employees might brush this off, remind them that as an employer, you have quite a lot of their personal information — social security numbers, bank information for direct deposit, healthcare information, etc. Understanding that their data is just as secure (or not) as your customers’ is crucial to getting their buy in.
Passwords - Setting, storing and changing passwords is critical, but commonly overlooked. (Yes, you’ve heard this before, but it bears repeating.) Need some tips on devising a hacker-resistant password scheme?
-Revise any credentials that were supplied as default settings from your vendor
-Use a different password for each service you access online
-Personal passwords should not be related to naming conventions you use for work
-Make your passwords complex. Use a multitude of characters, and if you need help devising a creative password, try something like PC Tools Secure PW Generator for ideas.
-Change passwords frequently. Every quarter at minimum
-Don’t share passwords or any part of your login credentials with anyone — friends, coworkers or even your boss
(Chris Drake is CEO and founder of FireHost, Inc., a secure Web hosting company. He submitted this story to VentureBeat.)