January blog post #2 – Suggestions for keeping hackers out of your systems.
Despite ever-advancing security practices, major security breaches happen on a regular basis. From Home Depot to Target to Amazon and Sony, some of the world’s biggest brands have been victims of malicious hackers. This doesn’t mean that small businesses are exempt from malicious security attacks. In fact, the Verizon 2013 Data Breach Investigations Report found that 62 percent of breaches affect smaller organizations. The effects of such an attack can be devastating for a small business.
All too often, security breaches are caused by unsuspecting users doing something they shouldn’t. According to Jeffrey Bernstein, managing director of an IT Security Protection firm, “…clicking a malicious link in an email, opening an email attachment, using weak passwords, losing laptops or phones with confidential data, or being tricked into giving up their passwords through social engineering attacks,” Bernstein explains. “In fact, most security industry data estimates that well over 80 percent of all of successful data thefts that occurred over the past 12 months began with a user doing something they shouldn’t have.”
So how can you help remove some of the threat of an attack on your data? Use the following suggestions to help keep your data secure.
- Make passwords secure. According to software company SplashData, “123456” and “password” are two of the most common passwords in use. If you don’t have standards in place for creating a secure password, your users could be creating passwords that can easily be hacked. In early 2014, we forced a password update on all email users to eradicate the possibility of an unsecure password. We increased the minimum number of characters, required the use of upper and lower case letters and forced the use of a number or symbol in the password. This has drastically reduced the amount of hackers who have gained access to our email accounts and is a practice we would recommend to anyone.
- Secure your network. According to wireless industry experts, nearly nine out of 10 WiFi networks aren’t properly secured, and if yours is one of them, a hacker can leverage a misconfigured access point in order to gain access to your company’s network. Hackers can also steal information being transferred over WiFi between a user’s computer and the network because most wireless networks secure these communications using WPA encryption, which is virtually useless against a moderately knowledgeable hacker.
- Add a secure socket layer (SSL) to your website. SSL is a protocol used to provide security over the Internet. It is a good idea to use a security certificate whenever you are passing personal information between the website and web server or database. Attackers could sniff for this information and if the communication medium is not secure could capture it and use this information to gain access to user accounts and personal data.
- Keep software up to date. If you use any type of 3rd party software (from appointment scheduling to credit card processing or website content management) it is important to keep these up to date with current releases. Quite often, a vulnerability will be detected and the software manufacturer will push out an update. Though it may require a learning curve, time to install or cost a little money to update, it is always a good idea to remain on the most recent version of an application to thwart off any known vulnerabilities.
Implementing any or all of the suggestions above will help keep your data out of the hands of hackers. Executing these suggestions may require a call to an IT professional and/or your website developer and may cost a little money. However, in this case, an ounce of prevention is worth a pound of cure and will cost you a lot less in the long run as well.