Sep 29, 2011
The Business Owner’s Guide to Good Cyber Security Habits
For those of you who do your banking online (or anything else important on the web), you probably know the importance of cyber security—if you don’t, you could be looking at a big mess.
Online threats could lead to any of the following:
- Identity theft
- Illegal transactions with your credit card or checking account
- Theft of your customers’ payment methods
- Theft of private customer information
- Theft of your business’s private or proprietary information
- And more …
The simple truth is, the internet can be a dangerous place without the right precautions in place.
So, what can you do about it?
If you're an IT pro or web professional, we're probably not going to tell you anything that you don't already know. But to help the business owners out there who are general web users (like most folks), here’s our guide to Good Cyber Security Habits.
PART I: Wrong Ideas That Sound Right
1. Antivirus fully protects your computer—WRONG.
Although having quality antivirus and firewall software installed on your servers and workstations can help protect your systems, it’s not always 100 percent effective. Don’t let this or any other single security measure give you a false sense of security. You still need to combine this tactic with other good security habits, which we’ll get into below.
2. Hackers are only interested in computers with important data on them—WRONG.
Just because you or your business has a computer that you only use to “surf the net,” and you don’t think you do anything important on it, doesn’t mean it’s OK to neglect its security. The fact is, if that computer is on your network, a hacker who gets into it could potentially gain better access to your other systems.
3. Your computer automatically updates all your software—WRONG.
Your Windows or Mac computer might prompt you to perform regular software updates, but these updates don’t include all the applications you have installed on your computer. One of the biggest entryways for hackers is through security vulnerabilities found in outdated software. To prevent this, check each of your applications and programs regularly, and be sure your versions are all up to date.
PART II: Password Protection and Surfing Safety
If you were to only take away one thing from this article, it should be to take your passwords seriously.
Here are some rules that can help keep you secure:
1. Don’t use the same password on more than one account.
Your online banking password SHOULD NOT be the same as your email password.
2. Make each password as difficult as possible.
The drawback here, of course, is the inconvenience to you, the user. But simple passwords, such as words you could find in the dictionary, are too easy to hack. You need a minimum of eight characters, with at least one letter, one number, and one special character if allowed (e.g., #, $, %, ^, &).
3. Change your passwords ALL THE TIME.
Send yourself a reminder once a month to change all of your passwords. Again, it’s inconvenient, but it’s a solid habit to have to keep your systems secure.
4. Be careful what you click on.
You’ve probably caught on that these days, you can’t blindly click on any link in your email—especially if it’s from someone you don’t know. The same thinking should apply anywhere you visit on the web, especially if you’re visiting a website that you’re not familiar with. This also includes search-engine searches, particularly image searches, which have been targets for all types of malware.
PART III: Antivirus and Firewalls
1. Part I addressed the importance of updating your program software—your antivirus software needs to be updated regularly as well.
New cyber threats surface every hour, which means your antivirus software is almost always a little out of date. So keep it as little out of date as possible.
2. The point of a firewall is to protect your computer, server, and/or network from unnecessary and sometimes dangerous online traffic.
For example, if you have a server that is only being used as a website server, you would use a firewall to lock down all entry points that aren’t used by normal web traffic (you wouldn’t keep the email port open if your server wasn’t being used by email). Note that firewalls come in two flavors—hardware and software. Both offer their own advantages and disadvantages.
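For readers who manage their own server, here is an added illustration of that web-server example (it is not part of the original article). It reads a list of listening ports in the format printed by the Linux `ss -tln` command and flags anything reachable from the network that isn't normal web traffic. The sample listing is constructed, and the allowed ports (80 and 443) are an assumption about what "normal web traffic" means.

```python
import ipaddress

# Constructed sample of `ss -tln` output for a server meant to serve only a website.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
LISTEN  0       100     0.0.0.0:25          0.0.0.0:*
LISTEN  0       151     127.0.0.1:3306      0.0.0.0:*
LISTEN  0       100     [::]:143            [::]:*
LISTEN  0       4096    [::1]:6379          [::]:*
"""

WEB_ONLY_PORTS = {80, 443}  # assumption: HTTP and HTTPS are the only intended services


def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN line in `ss -tln` style output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skips the header row and blank lines
        host, _, port = fields[3].rpartition(":")
        listeners.append((host.strip("[]"), int(port)))
    return listeners


def is_loopback(host):
    """True if the service only accepts connections from the machine itself."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or anything unparseable: treat as reachable from the network


def unexpected_listeners(ss_output, allowed_ports=WEB_ONLY_PORTS):
    """List network-reachable services that are not on the allow-list."""
    flagged = [(host, port) for host, port in parse_listeners(ss_output)
               if port not in allowed_ports and not is_loopback(host)]
    return sorted(flagged, key=lambda item: item[1])


if __name__ == "__main__":
    for host, port in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"Port {port} is open on {host}: close the service or block it at the firewall")
```

In the sample, the email ports 25 and 143 are flagged, while the database and cache bound to the machine's own loopback address are not, because nothing outside the server can connect to them.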
PART IV: Website and Online App Care
1. You need to think of a website or online application as you do any other computer program.
Your website or application (and the server it sits on) needs to be regularly updated, just like your software does. If your website is powered by a popular open-source application, it almost certainly has regular software updates, which include security patches.
2. Make sure transactions and important data are encrypted.
This should go without saying, but all transactions on your website should be protected by an SSL certificate (which also gives web users peace of mind). Additionally, you shouldn’t be storing any unnecessary information on your servers or business computers—if you do, all of that information should be encrypted.
3. Hire an “ethical hacker” to find vulnerabilities in your website.
Listen to The Small Business Authority Hour this Saturday as our CEO, Barry Sloane, discusses cyber security with Bo Dietl, an expert on this very subject. The show begins at 4 p.m. EDT, Oct. 1 on 77WABC.
PART V: Employees
1. If you staff more than a couple of people at your business, you’ll need to control which employees have access to which systems and applications.
You wouldn’t blindly give every employee a key to your safe, would you? If you limit access and an employee resigns, you’ll know exactly which systems he had access to. Then you can change those passwords.
2. Lock your computer when you’re away from it.
If you have access on your computer to critical banking information, you’re leaving that access open to anyone who might be near your computer when you step away. All personal computers come with a locking feature that requires a password to log back in.
3. Train all your employees on good cyber security habits.
An employee who likes to click links inside every email he receives could undermine all the good habits you follow each day.
How about you? What are the cyber security habits you implement? Let us know in the comments below.