4 Technologies to Help Secure Your Business Online
Every day in the press we see businesses being held to ransom for the return of their data. These issues are related to actions by users in the business. When you put details into a social network service, you are relying on the security level of that social network service.
You can take steps to reduce the risk of staff causing security breaches through improved awareness courses and monitoring. Actions are also necessary to secure private information such as passwords. A business also needs technology to managed its resilience and procedures to maintain integrity
1. Help your staff:
There is no guaranteed strategy to protect from ransomware or cyber-heist all that can be done is to document a plan and manage the risks. Get staff to be familiar with the cyber-crime techniques used and monitor performance regularly in a supportive way. This typically is via an online familiarisation service with regular penetration testing to measure and improve staff confidence. There are a number of services available so contact your technology provider, I recommend and maintain services from KnowBe4.
2. Protect your data:
Most hosted file sharing services, Google Drive, One Drive, Drop Box, I Drive, etc., offer file syncing in some form. While these services may offer cyber-heist recover, they should not be the sole reliable source for your business data recovery.
Use backup service which is not available as a network or local computer shared resource. This must regularly be tested to ensure safety. The resource should be multiple devices cycled so that the least amount of business data is lost in recovering from a cyber-heist.
Also, have at least two reputable and reliable spyware/malware detection services. I do not recommend the use of freeware services. I use and recommend business grade software from Webroot and Malwarebytes. Comodo is also useful and free for business use.
3. Secure your Passwords:
Password security and shared credentials for application logins are a major source of damage to business operations and integrity.
Strategies to secure passwords risk are to use a password management tool. This service should secure the passwords in an encrypted form using a reputable method. The encryption should be end-to-end, that is from the moment the password leaves the source computer. The password encryption service should include “virtual keyboard” feature to avoid keylogging attacks. I recommend and use Passpack as it allows for password sharing to staff and allows staff to be grouped to manage various levels of access to sensitive business resources. Also, password changes can be easily distributed to the relevant staff.
4. Keep good records:
Maintaining a list of services used by the business and their purpose. Having firsthand experience recently where I reset my chrome services and lost bookmarks for current activities and about six months of research. I now keep all my research information links in my CRM under “Notes”. Also, I keep the URL information, purpose and access username as part of the note. So even if the password isn’t important for a password management record, password recovery is available for most sites. I use AttachedApps for Office 365; Trello and other services are also cost effective.
Training: Invest in staff familiarisation with socially engineered cyber-heist techniques. It’s a small price to protect your business from potential ruin. Most business who get ransomed and don’t have a recovery plan will be out of business within three years.
Backup: File sharing services are not a backup strategy. Get quality virus protection. Data backup services should not be directly connected to your network.
Password: Maintain a reliable, secure password strategy. Don’t rely on social network security to verify your login service to critical business services. Use a reliable and secure password generation and repository service. Change the passwords regularly; I recommend monthly.
Record: Keep your records in a reliable location, in a CRM or similar service use a structure which allows the information to be accessed by staff but not the password to the service itself.
“The opinions expressed by Smallville Contributors are their own, not those of www.smallville.com.au"
SHARE THIS ARTICLE WITH LIKE MINDED SMALL BUSINESS PEOPLE