The new year fanfare and greetings are now memories nearly a month old and doubtless you are busily working to make those many New Year’s greetings for success and happiness into reality.
Hopefully, one of your organization's goals for 2020 includes bolstering security and data privacy. If not, it really should. The matter is so important, in fact, that it has been given its own day, Jan. 28, Data Privacy Day, observed annually to raise awareness of data protection and privacy.
Why is data security so important? Well, according to a recent Inc. article, data breaches are expensive and are becoming increasingly common and increasingly sophisticated. The article said that in 2019, the average breach of U.S. companies cost $73,000. Furthermore, in a survey of senior executives, 8 percent of respondents said their company experienced a breach within the last two years and 12 percent said in the past five years. More astounding, the article said more than half of the breaches were not performed using malware, but by using existing systems and logging into networks using employees' stolen credentials.
So how then does one prevent one's own company from becoming a victim of a data breach and having private data stolen?
Here are some tips:
Shred sensitive records
Whether you are getting a head start on this year’s spring-cleaning, are trying to keep your New Year’s resolution to be more organized, or are preparing for this year’s tax season, whatever you do, don’t throw out any documents bearing sensitive information. Shred them. If those records hold any identifying data, such as names, addresses, SSNs, account numbers and other private information, toss them in the shred bin. Why?
If those papers wind up in the trash, anyone including competition, identity thieves and hackers can use the information against you, your company, your employees and your clients. Even if that doesn’t happen, simply throwing those files away can be a finable offense — not a great way to start a new year.
While going the document destruction route may seem inconvenient, it doesn’t have to be. You can buy a shredder, or save yourself the labor hours and hassle by hiring a mobile shredding services provider that will work with your particular need. Whether you opt for a one-time purge or regularly scheduled shredding service, with this kind of service you can witness your sensitive documents destroyed before your eyes and know your business stays your business.
Use proper passwords properly
Passwords are a pain. No doubt. However, they are necessary to keep data, devices and networks secure. Until advances in biometric or other technology make them obsolete, passwords are here to stay, so it’s best to use them properly.
Here are some password tips:
- Keep your password private. It seems like a no-brainer, but seriously! Keep your password private. Don't share it and don't leave it on sticky notes on your workstation's monitor or underneath your keyboard. Also, don’t let everybody in your office use the same password. If the wrong person gets the password, they will be able to access everything.
- Go alphanumeric with symbols too. When forming your password, use a minimum of eight characters. Make sure your password or passphrase uses a variety of characters, including one symbol, one uppercase letter, one lowercase letter and a number. You can change out letters with numbers and vice-versa, like substituting “s” with “5” or “$”, “e” with “3”, or “a” with “4”, as examples, but don't let it be 2Pr3d1ctable.
- Use a seemingly random phrase or sentence (a passphrase), but please NOT including the word "password"! Your Labrador retriever’s name “Shadow” doesn’t work anymore either. Try something like: “5had0w$B4dbr3ath” or even something more random like: "BlueHorse404".
- Change your password every 90 days. This could help you remember it rather than forget it, as is easy to do if you use the same password for two or three years. It also makes your password more of a moving target.
- Don’t use the same password for multiple logins. If the wrong person gets the password, they will be able to access everything.
- Don't include the username, the user's name or parts of the user’s name. Using John Smith's name or username just makes his password “Smith123” easy to guess.
- ... Or just use a password manager and generator. It'll do the hard work for you. Check out password managers like LastPass, 1Password, Bitwarden and so on.
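A small checker for the rules in the list above, as an added example that is not part of the original post: it tests length and character variety, then undoes the letter-for-number swaps to find the word "password" or the user's name hiding in a candidate. The function names, the `jsmith` username and the extra 0-for-o and 1-for-i swaps are assumptions.

```python
import re

# Substitutions the page mentions (5/$ -> s, 3 -> e, 4 -> a); 0 -> o and
# 1 -> i are added assumptions based on the page's sample passwords.
LEET = str.maketrans({"5": "s", "$": "s", "3": "e", "4": "a", "0": "o", "1": "i"})


def normalize(text):
    """Lowercase and undo common character swaps so hidden words show up."""
    return text.lower().translate(LEET)


def check_password(password, username, full_name):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no symbol")

    plain = normalize(password)
    if "password" in plain:
        problems.append("contains the word 'password'")
    # Username and each part of the user's name (3+ letters) are banned.
    banned = {normalize(username)} | {normalize(p) for p in full_name.split()}
    for word in sorted(w for w in banned if len(w) >= 3):
        if word in plain:
            problems.append(f"contains '{word}' from the user's name")
    return problems


if __name__ == "__main__":
    # "Smith123" and "5had0w$B4dbr3ath" are the page's samples; the third is constructed.
    for candidate in ("Smith123", "5had0w$B4dbr3ath", "P4$$w0rd2020"):
        print(candidate, "->", check_password(candidate, "jsmith", "John Smith") or "ok")
```

Swapping letters for look-alike digits does not hide a banned word from a check like this, which is why a password manager's random output is the stronger option.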
Use two-factor authentication
As if passwords weren't annoying enough, now they've come up with two-factor authentication. But there is a reason for that. Say you did leave your password "B4byY0da$Ears" on a sticky note and under your keyboard placed it you did, hmmm, and someone did it find and tried it to use — okay, okay, enough of the Yoda speak — with two-factor authentication, that person with your password will still not be able to log in to your workstation. Why?
With two-factor authentication, when a login attempt is made, the proper workstation user will receive a dialogue box on their phone or mobile device requiring them to accept the login. This way, if someone who doesn’t belong on the workstation, and may even have a password, tries to log in, they won’t be able to, as only the rightful user will be able to grant access.
This makes it much more difficult for an uninvited guest to access your network infrastructure and make your private data not private.
Keep your software up to date
Just this month, Microsoft ended its support of Windows 7. On Jan. 14, Microsoft stopped releasing security updates and patches for the operating system, leaving machines still running Windows 7 open to hackers, malware and other types of cyber attacks. That's why we've been telling our clients running Windows 7 to update to Windows 10 to keep their networks secure and data private. But it's not just Windows 7 users who need to update their machines. It's everybody.
Those bad hacker guys exploiting Windows 7 security holes are always looking for and finding new ways to attack networks and devices, often using security holes in operating systems and other software. Take heart, though, as the good guys are working just as hard to find the issues and make patches to fix them. But those patches can only be applied with updates. That’s why you should always update your software and why we recommend restarting your computer daily so it can receive and install those updates. This makes your system less vulnerable to cybersecurity threats and keeps your private data private.
Educate your network users
Think about it. Do you or those you work with know social engineering (otherwise known as phishing) when you see it? If not, your data is at risk.
If your workstations are online, every day they are likely receiving emails enticing their users to click a link or to download an attachment. Behind that dangling hook could be a maliciously written software program designed to encrypt and lock all of your data for ransom. Sometimes if you pay the ransom, you can access your files again, and sometimes you can’t. In either case, the results are costly and in many cases, fatal to businesses.
According to the Inc. article referenced above, phishing attempts are changing and becoming much more sophisticated. Hackers are now studying their target's personnel, studying their manner of speaking by email and spoofing company executive email addresses. These bad actors are even trending away from using emailed attachments and are using links more instead, even using URL shortening techniques to seem more like the real thing.
In short, protect your business’s network security and private data by educating your users on how to spot potentially dangerous emails, links and attachments and to refrain from interacting with them.
If you don’t know how to spot such phishing schemes, read this and share: How to spot a phishing email.
Use VPNs when using public Wi-Fi
When traveling, working from a coffee shop or catching up on some emails from the hotel room, free, public Wi-Fi is great, but often it could be too good to be true … to you. If it’s not secure, neither are you, your device or the data on your device.
If a hacker or malicious actor is also on the network, he can use the unsecured Wi-Fi to capture any and all information you and other network users are exchanging with the internet.
When you must use public Wi-Fi, make yourself more secure and protect your data by using a virtual private network (VPN).
With a VPN, you can connect to the internet via a public hotspot, but then immediately access your organization’s VPN, typically via a desktop icon. This then launches an encryption scheme that directs your online activity under the protection of your organization’s connection, blocking any “peeping Toms” from being able to read your data or work.
Check to see if your organization is set up with a VPN. If not, (wink, wink) we might know a certain managed IT services team that can help you and your organization out.
Hopefully, these tips help you in better protecting your business data and keeping your private data private.
Implementing these strategies doesn’t require the staff or budget you might imagine with large organizations. These measures may only require a helping hand. RK Black, a provider of office technology solutions to small and medium-sized businesses, is that hand here to help organizations such as yours.
If you would like any information on how to secure your network and data as described above, let us know. We’d be glad to help in any way we can.
About R.K. Black, Inc.
R.K. Black, Inc. is an Oklahoma City-based, family-owned leading provider of office technology solutions to small and medium-sized businesses in Oklahoma and Kansas. We specialize in everything business technology from copier, fax, printer and scanner technology to document management, onsite paper shredding services, VoIP phone systems and managed IT support to video surveillance solutions.