New customers frequently ask us about data security and data privacy, two topics that we at HostPapa take seriously. You don’t need an IT department to keep your information protected, but you do need to be aware of the many ways your data is vulnerable and how to protect them. I divide my advice into seven easy steps for you. First, let’s look at some numbers:
ITBusinessEdge estimates that in 2014 nearly half of all organizations suffered a data breach – up 10% from the previous year. Nonprofit organization Online Trust Alliance (OTA), which promotes online safety, says 90% of the breaches in 2014 could have been prevented. The OTA cites these reasons for data breaches:
- 40% = External intrusions (hackers)
- 29% = Lack of internal controls caused by company employees (accidentally or with malicious intent)
- 18% = Stolen devices and documents
- 11% = Social engineering (i.e. phishing)/fraud
The Truth About Passwords
Today’s password breaches happen in two primary ways: phishing and compromising credential databases.
Phishing is when bad guys send messages that attempt to trick recipients into providing passwords to their personal financial, email, retail and other accounts. The messages can be so well written and recognizable (many times with the company’s logo and branding) that victims unknowingly turn over their user names, passwords and PINs to these bad guys.
The other way thieves steal passwords is by hacking into databases that store passwords. If your password lives in a hacked database it doesn’t matter if it’s as simple as “password123” or as complex as “p@55w0rD.” The criminals have your password, and they can use it.
If your site contains gated content that requires a password or you’re an ecommerce site that saves customers’ credit card information, talk to your web hosting provider about bank-level security for your data and two-factor authentication, which requires a second level of authentication when a user logs in from an unrecognized IP address.
I still recommend using hard-to-guess passwords because they’ll protect you from hackers within your organization who try to guess your passwords to gain access to your personal information.
Install a Firewall and Anti-virus Software
A firewall is a data security system that protects your computers and keeps hackers from gaining access. The way it works is it recognizes connections that you initiate and allows those through; meanwhile, it detects uninvited intrusions from the outside and keeps them out. Firewalls come in hardware and software forms. Hardware, like a router, is a device that sits between your computers and the Internet. Software programs run in the background of your computer; Windows computers come with the firewall software.
Secure Your Wi-Fi
If your business uses its own server, you’ll want to make sure it is protected from unwanted traffic. You can do this in several ways, and your webmaster can help you decide what is best. Here are a few options:
- Don’t broadcast your wifi network. You can hide your wifi if you don’t want it to show up on users’ devices when they are looking for nearby hot spots. A word of caution: It won’t be hidden from every device, and it will be a pain in the neck when you have visitors who want to jump on your network.
- Use WPA2-enterprise security. This is recommended for businesses because it provides higher levels of security. WPA2-enterprise requires a single password and uses a RADIUS authentication server, which stands for remote authentication dial-in user service. No, “dial-in” doesn’t mean “dial up,” as in the sluggish method we used 20 years ago to access the Internet. It is used when a business’s server is remotely located and it allows employees to login and access information stored on the remote server.
Update Your Browsers and Operating Systems
Set a policy that your staff checks for software and system updates for their company-issued computers. This is how your computer’s operating system fixes bugs and improves performance.
If you have an IT staff, they should schedule regular maintenance and check for software updates. They will likely use an administrator password for making software changes to your company computers. Most software programs and applications will send push notifications to users when it’s time to update.
To check for updates on Windows-based machines, select Settings >> Change PC Settings >> Update and Recovery. From there you can choose how you want to schedule your important updates and recommended updates.
On a Mac, go to System Preferences and select App Store. Select whether you want to automatically or manually check for and install updates.
Most mobile devices are updated from their application store (Google Play, Apple Store, Windows Phone store, etc.).
Encrypt Your Emails
When a message leaves your device, the content in your e-mail will change to illegible code, which isn’t decipherable until it makes its way to its intended recipient. Many devices have the ability to encrypt your emails and messages. If yours doesn’t, encryption software is easy to come by and typically inexpensive. It’s a good idea to require email authentication on all mail streams (both inbound and outbound). This will help detect deceptive emails that may be malicious.
Every email provider has its own way of enabling encryption and authentication. Rather than telling you how to do it on each of the various platforms, I’ll tell you what to look for in your provider’s settings:
- Enable SSL/TLS encryption if your provide any personal information online – purchasing products, registering for newsletters, entering members-only areas, and filling in request forms. Read more about SSL at hostpapa.hk/ssl-certificates.
- Email authentication programs are built into the email provider and are programmed to verify sources of incoming messages. They can recognize junk mail and phishing content and handle them based on your rules (flag, move to junk box, automatically delete – for example). Look in your email Settings or Tools for “junk mail protection.”
Shred Sensitive Documents
Sometimes HostPapa states the obvious because in this digital era, we tend to forget simple tasks like shredding documents that contain personal and sensitive information. If you don’t have a shredder at your business, look for a company that does shredding (Shred-it, Office Depot and FedEx offer these services).
Last Step in Data Breach Defense
To keep your small business safe from data security vulnerabilities, continually test and refine your plan in case your data becomes compromised. Revisit your data privacy policies regularly to see if there is room for improvement.
If at any time you face a data security incident, learn from it and make improvements to your plan to prevent additional occurrences.
Bookmark our HostPapa blog to learn more about data security and how to keep your information safe.
For more information about Security, Malware/Phishing attacks, as well as HostPapa’s services that can help with securing your websites (SSL Certificates, SiteLock, HostPapa Automated Website Backup), check out our Knowledgebase ->Security articles: