Every business today requires some level of technology to operate and compete. The maturity of those IT services, and the business results they deliver, vary widely across organizations of every kind. Regardless of your IT capability, every business is responsible for protecting its own data, as well as that of its clients. Recently, I had the opportunity to attend a leadership conference in Michigan with a number of small to mid-size businesses. Top of mind with IT was data security, so I thought a review of some security best practices would be helpful.
IT security is complex, with many different components. Larger organizations have team members within IT dedicated solely to security; a small business may not yet have a trusted IT resource or firm to provide guidance. However, there are some fundamental best practices that every business should follow and can address on its own, or with just a little help. Here are the top security practices I think every business must address:
Secure access to your router/access gateway
Whether you have Comcast or another broadband internet provider, you may not have changed the default password used to access your router/access gateway. Default credentials are printed in the manual and published online, so anyone who can reach the device can log in, change settings and, as a result, easily access your network. To change it for Comcast, log in to your access gateway via a browser page (most addresses will be http://10.0.0.1). The login ID is admin and the password is password (very secure, right?). From here you can navigate to change the password and modify any of your Wi-Fi settings as well. Here is a link to Comcast for additional details: https://customer.xfinity.com/help-and-support/internet/comcast-supported-routers-gateways-adapters/.
You probably have two Wi-Fi connections for your office, one for guests and one for the rest of your company. If not, then your first step is to separate guest and employee access with different Wi-Fi networks at your office. Both should be protected with a password, and the guest network should only allow access out to the internet (no internal resources). While you are making changes, check to be sure the firewall settings are enabled and consider adding a dedicated firewall to protect your company network from the rest of the internet.
When accessing public Wi-Fi, know that all the data you are transmitting on that network is commingled with everyone else's at that coffee shop. This makes it easy for a hacker to see what you are doing and the data you are passing over the airwaves (which may even include passwords or user IDs). In addition, be sure to connect to the right Wi-Fi and not a rogue network that hackers will sometimes set up to gain greater access to your data. Once you know you are connected to the valid public Wi-Fi, there are a few things you can do to secure your data in that very public environment.
- Only exchange data with secure sites: check that the address begins with HTTPS:// and that the lock icon appears in your browser.
- Connect over a Virtual Private Network (VPN). In most cases, this will be back to your office so that you may work as if you were in the office (same access to documents, systems, etc.), but if you do not have or need a VPN back to your office, you can use a cloud VPN such as CyberGhost or Windscribe. The VPN connection adds another layer of protection over the already encrypted HTTPS:// data and creates a secure tunnel between you and the VPN server.
Protect access to your laptop/desktop/mobile device(s)
This one is simple, security 101. Make sure your laptop/desktop requires a password to log in, and that the password is strong (at least eight characters, including symbols or numbers, and not easily guessed). In addition, lock your workstation when you leave it unattended (Windows Key + L is a quick and easy shortcut to lock a Windows workstation). Furthermore, set it to lock automatically after 10 minutes of inactivity. For phones and tablets, make sure they are protected with a passcode, or you may find your email quickly compromised if the device is lost or stolen.
Encrypt data on your laptop/desktop/USB drive
Encrypting the data on any workstation is recommended, but on a mobile laptop it is critical. If the laptop is ever lost or stolen, you need to know your data is protected. With Windows (any Pro version, Windows 7 or later), BitLocker is probably the simplest way. On a Mac, FileVault is the way to go. The same approach should be applied to any USB drives that could hold sensitive data. These are easily lost or stolen, so protecting them with a password that encrypts the drive is strongly recommended. BitLocker and FileVault both work for USB drives as well.
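As an added example (not from the original article), the PowerShell check below audits a Windows workstation against the two controls just described: an automatic lock after 10 minutes of inactivity and BitLocker on the operating system drive. It assumes Windows 8 or later with the BitLocker module available, and the function name Test-WorkstationBaseline is hypothetical.

```powershell
# Added example, not the article's own code: audit a Windows workstation for
# an idle lock of at most 10 minutes and BitLocker protection on the OS drive.
# Run from an elevated PowerShell session. Function name is hypothetical.
function Test-WorkstationBaseline {
    [CmdletBinding()]
    param([int]$MaxIdleSeconds = 600)   # 10 minutes, per the article

    $findings = @()

    # Screen-saver lock settings are per user under HKCU:\Control Panel\Desktop.
    $desk = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
    if ($desk.ScreenSaveActive -ne '1') {
        $findings += 'Screen saver is disabled; the workstation will not lock on its own.'
    }
    if ($desk.ScreenSaverIsSecure -ne '1') {
        $findings += 'Screen saver does not require a password on resume (ScreenSaverIsSecure is not 1).'
    }
    $timeout = [int]$desk.ScreenSaveTimeOut      # null becomes 0
    if ($timeout -le 0 -or $timeout -gt $MaxIdleSeconds) {
        $findings += "Idle timeout is $timeout s; it should be between 1 and $MaxIdleSeconds s."
    }

    # BitLocker status for the OS volume. Get-BitLockerVolume is only present
    # on editions that ship BitLocker (Pro/Enterprise), hence the try/catch.
    try {
        foreach ($vol in Get-BitLockerVolume -ErrorAction Stop) {
            if ($vol.VolumeType -eq 'OperatingSystem' -and $vol.ProtectionStatus -ne 'On') {
                $findings += "Volume $($vol.MountPoint) (OS) is not protected by BitLocker."
            }
        }
    } catch {
        $findings += 'BitLocker cmdlets unavailable; verify encryption manually in Control Panel > BitLocker Drive Encryption.'
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-WorkstationBaseline | Format-List
```

A Compliant value of True with an empty Findings list means both controls are in place; each finding names the setting to correct.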
Sending secure email
Email is a great communication tool, but it is nowhere near as secure as many expect it to be. Never send sensitive data in a plain email. There are a number of good encrypted email services that let you send and receive sensitive data through a secure exchange. Typically, such a service sends the recipient an email informing them that a secure message is waiting, with a link to log in to a secure site and download the information.
I know, there is a lot to cover here, but remember that security is complex, and there is no single solution that protects all your data. Take these recommendations one at a time and start moving toward implementing security best practices to protect your business. As you take on each one, know that the details may vary depending on your company's needs and current technology configuration. You may need some IT help, and if you do not already have a trusted IT resource today, you need to find one now. Securing your company and client data should be your first priority.