6 IT Security Issues Every Business Owner Should Know About
Monday, July 1st, 2013
Hackers. Thieves. Disgruntled employees. These are the folks who keep business owners like you awake at night. So how can you reduce the worry and keep your business locked down and secured?
First of all, you need to know the threats. I recently surveyed some of our engineers to build a list of some of the lesser-known IT security issues facing small and mid-sized businesses today.
Richard Baker, Account Manager
1. Weak Passwords.
The easiest, and most common, way for hackers to access your information is by cracking a weak password. Here are some of the easiest targets. If you use the same password for more than one account, your risk multiplies. You’re especially at risk if you use the same password for your work accounts as you do for your personal accounts. Imagine losing your business files and your personal emails and photos at the same time.
Here are some guidelines you should use when creating your passwords:
- 8-12 letters
- Combination of letters (A-Z, uppercase and lowercase), numbers (0-9), and symbols (!@#, etc.)
- No use of personal information (birthday, name, etc.)
- No use of your username in the password
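As an added example (not part of the original article), the guidelines above can be turned into a check that runs whenever a password is set. The function names, the sample user details in the test data, and the folding of look-alike characters are assumptions made here; the 8-12 length guideline is applied as a minimum of 8.

```python
import string
from datetime import date

# Assumption added for this example: undo common look-alike substitutions
# before searching for names, so "J@ne" still matches "jane".
LEET = str.maketrans("@013$5!7", "aoiessit")

def _normalize(text):
    return text.lower().translate(LEET)

def birthday_fragments(born):
    """Digit strings people commonly derive from a birth date."""
    y, m, d = f"{born.year:04d}", f"{born.month:02d}", f"{born.day:02d}"
    return {y, m + d, d + m, m + d + y[2:], d + m + y[2:], m + d + y, d + m + y}

def check_password(password, username, names=(), born=None, min_len=8):
    """Return the list of guidelines the password breaks (empty list = passes)."""
    problems = []
    if len(password) < min_len:
        problems.append("too short")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for label, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {label}")
    folded = _normalize(password)
    if username and _normalize(username) in folded:
        problems.append("contains username")
    # Skip very short name tokens so initials do not trigger false alarms.
    personal = {_normalize(n) for n in names if len(n) >= 3}
    if any(p in folded for p in personal):
        problems.append("contains personal information")
    # Birthday digits are matched against the raw password, not the folded one.
    elif born and any(f in password for f in birthday_fragments(born)):
        problems.append("contains personal information")
    return problems
```
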
With all this said, I know it’s a pain having to keep up with a ton of impossible-to-memorize passwords. That’s why I recommend you use a solution like LastPass. LastPass stores all of your passwords for every site you visit and automatically fills them in when you visit a login page. You can use LastPass on your desktop Internet browser for free, and on your smartphone or tablet for just $1 per month. LastPass even has a password generator that will automatically create an insanely strong password and store it with your account.
LastPass allows you to access all of your accounts, and you only have to remember one password: your LastPass password. So what if someone cracks that password? The consequences would be pretty dire, which brings me to our next risk.
2. Not using 2-Factor Authentication to log in to your account.
Sites that use 2-Factor Authentication have more than one step before allowing you to log in. For example, your bank probably makes you enter a username and password AND answer a security question or enter a PIN. Many of the large web applications like Gmail, Twitter, and Dropbox are starting to offer 2-Factor Authentication for your accounts. At the very least, you should set this up for your email accounts and your LastPass account.
You can use Google Authenticator to set up 2-factor authentication for Gmail, LastPass and many other applications. Once you set up Google Authenticator, a special code will be sent to an app on your smartphone that you will type in to log in to your account(s).
- Instructions for setting up Google Authenticator.
- Instructions for setting up Google Authenticator with LastPass.
3. Weak (or no) backups.
If you aren’t keeping regular backups of your data, you run the risk of losing hundreds of thousands of dollars in the event of a breach. Still, I often meet with companies who are using outdated tape backups, no offsite backups, or no backups at all.
If you don’t have proper backups in place, it’s not a matter of if, but when, you will pay the price. You can use this calculator to learn how much a data breach could cost your business.
Chad Greene, Senior Systems Engineer
4. Unmonitored use of jump drives or external hard drives.
The storage capacity of these unassuming, tiny jump drives is getting larger and larger.
Without access control, there’s nothing stopping anyone from taking a jump drive to an employee’s PC and loading every bit of information onto it. The drives can also transmit viruses and spyware onto your machine.
What you can do:
- Never allow anyone you don’t trust to access your computer.
- Make sure you log off your computer before leaving your desk.
- For an extra layer of security, you can use software to disable USB access for certain users or access levels.
5. Social networks.
Social networks are a powerful marketing tool for your business. There’s no denying it. If you’re not using social networking as a marketing tool, here are 18 stats that will change your mind. However, you also need to understand the risks involved and how you can mitigate them.
Burger King’s Twitter account was recently hijacked by a hacker who proceeded to post a series of bogus (and damaging) tweets. But it’s not just the big guys who have to worry about this. We’ve seen several instances where small business social networking profiles have been hacked.
What you can do:
If you have a Facebook page, you should know who is managing your page. Company pages are managed by individual Facebook users.
As a business owner, you should be a manager of your company’s page. If not, the person(s) who is/are should be people you can trust. Encourage your page’s managers to use a strong password for their personal Facebook account. We were recently approached by a small business whose Facebook page had been hijacked. A hacker broke into one of the managers’ accounts and added his own account as a manager. Then, he logged in with his account, removed the other managers and started posting inappropriate comments and photos. The page eventually had to be taken down altogether, and they lost all of their posts and fans. A strong password may have prevented all of this from happening.
We also encountered a business where a disgruntled ex-employee attempted to delete their company’s Facebook page. Thankfully, one of our employees was also managing the page and stepped in to stop this from happening. If one of your page’s managers is an employee who is leaving the company, make sure he or she is removed as a manager immediately.
Neil Jones, Senior Systems Engineer
6. Transferring sensitive information over an unsecured WiFi network.
As employees use their smartphones and tablets to work outside of the office, you run the risk of your business data going up for grabs as they work on an unsecured network in a coffee shop. Encourage your employees not to access sensitive company data from an unsecured WiFi network. And for any user, accessing your bank accounts or any other info you want to keep private isn’t a good idea if you’re browsing on an unsecured network.
Leave Nothing to Chance
These are just a few of the security issues your business might come face-to-face with. Unfortunately, there are plenty more where these came from! But we can help.
Nexxtep has designed a thorough proprietary technology assessment and planning process that addresses well over 200 items, including network security, backup and disaster recovery, and any other security threat your business might face. The deliverable from this audit process is a 20- to 30-page prioritized planning document that details every deficiency and provides recommendations for resolving each issue uncovered. This audit findings report serves as a roadmap for future IT planning.
If you’re interested in a Technology Assessment, you can sign up for more information here.