Information Security Tips
Small businesses and organizations may be daunted by the perceived resources it takes to secure their systems; however, not making cyber security a priority could be a costly decision.
The following six tips represent key security principles that we recommend implementing and are intended to provide a starting point for a more comprehensive information security plan.
For more detailed information on how to create a more robust security plan, go to www.staysafeonline.org.
- Ensure that all employees use effective passwords, and when possible, stronger authentication technology. Encourage passwords that are composed of different upper and lower case letters and characters, and change them every 60 to 70 days.
In many cases, passwords may not provide you with enough protection and security – for a more secure and reliable way to authenticate users and prevent hackers from stealing passwords, you may consider implementing a multi-factor authentication process*.
- Protect your systems by installing and using anti-virus programs, anti-spyware programs, and firewalls on all computers in your business.
- Ensure that all computer software is up-to-date and contains the most recent patches (i.e. operating system, anti-virus, anti-spyware, anti-adware, and firewall). Most security and operating systems contain automatic updates, but make sure that the function is turned on and sign up for security notifications from the software company. Without updates, your systems will not be well protected against new cyber threats.
- Make regular (weekly) back-up copies of all of your important data/information. Store a secured copy away from your office location and use encryption to protect any sensitive information about your company and customers. Regularly creating back-ups better ensures that your critical data is not lost in the event of a cyber attack or physical incident, like a fire or flood.
- Be prepared for emergencies by creating a contingency plan for your business, and include provisions so that you can continue business operations at an alternate location if necessary. Test your plan annually.
- Protect your customers’ data from hackers and thieves by encrypting it. Encryption programs encode data or make it unreadable, until you enter a password or encryption key that unlocks it. Some encryption programs are built into popular financial and database software and some broadband providers now include encryption for wireless networks as a part of their service. In some cases you may need an additional program to properly encrypt your sensitive data.
- Locate and join an organization of your peers for information sharing purposes. If you suspect fraud or criminal intent, report it to the local law enforcement agencies, the local Federal Bureau of Investigation, Secret Service, or State Attorney General’s offices. Moreover, some states require you to notify your customers if hackers or thieves steal or could have stolen your customers’ unencrypted personal information, including data residing on a computer stolen in the offline world.
*Multi-factor authentication is like putting a deadbolt on your front door. The extra “lock” or layer of security makes it more difficult for hackers to view or steal sensitive data. Multi-factor authentication can be a software program or a device that is used in addition to your regular login and password method. Biometrics, such as a fingerprint scanner, is an example.
Some organizations also use “risk-based” authentication technology that looks at a number of metrics – such as behavioral patterns, or the IP address – to verify a user’s identity without asking the user for any specific input. In each case, the user can gain access to sensitive data only if the correct information is received (the random number, the right fingerprint, or the expected usage metrics).