It’s a strange time – smartphones, iPads, and other mobile devices are giving people greater flexibility and easy access to data. However, we also see an unprecedented escalation in the number of new malware and viruses being created daily.
In fact, so many new malware variants are created every day that the anti-virus companies cannot keep up! Most of the time, your anti-virus protection is not up-to-date, even if you update hourly!
This is a scary time for businesses trying to protect their systems and data. Trends such as BYOD push businesses to allow personal devices (often used by all family members and thus almost guaranteed to have at least one piece of malware or a virus installed) access to critical business systems and sensitive data.
This battle will escalate next year, and we will see many reports of businesses being “hacked” and their clients’ personal information put on public display.
For most small businesses, IT security is not even a bullet point on the list of day-to-day business operations, mainly because it’s a complex subject. So below, I have provided what I feel to be the 6 most important rules your business should apply. There are more (hundreds more!), but these should help stop the bulk of IT security issues.
1. Email Attachments
Do not click on any email attachments, even from people you know, unless you are expecting the attachment. Most malware and viruses come into your business via attachments, and the baddies are getting very creative and targeted with their emails.
If you or your business becomes a target, the baddies will have done a lot of research on you using social media profiles and other sources of information. When they believe they have enough information, they will hand-craft an email that deals directly with your interests. Do not think for one minute that you are a “nobody” too small to be of interest to baddies – you might not be the target but rather a way into one of your business partners’ systems or a government system you connect to.
2. BYOD is BAD
Bring Your Own Device is bad news for small businesses (and for larger ones as well). Larger organizations have IT departments and even IT security staff, and they are now wondering how to protect the business from devices they cannot control!
All it takes is for one staff member to infect their own device with malware or a virus at home or on public wifi and plug it into the business network. For small businesses that do not even have an IT department, BYOD will be a major cause of unwanted intrusion in 2014.
Do not allow personal devices such as smartphones, iPads, laptops, etc. access to your business network – if in doubt, read up on “Ransomware” and see if you want to deal with that.
Some people will say, “Move with the times and empower your staff.” In some respects, their claim is warranted – the landscape is different. Most iPads these days have more functionality than the average government desktop computer. HOWEVER! There is currently no easy solution for protecting business systems from personal devices connecting to your network. So you need to balance the fact that your staff might complain about the restrictive desktop against the risk of your clients’ data being exposed to hackers.
3. Strong Passwords used only Once
As the hacked mess shows, millions of people are using incredibly weak passwords. Make sure your business systems only accept strong passwords. If you need to engage someone to fix your system to enforce this, then do so. It is an essential investment to protect your business systems and data.
Would you worry that your staff’s password to your online CMS could be “qwerty” or “123456”, two of the most common passwords people use? Read this post on password tips.
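One way a business system could enforce this rule when a staff member sets a password, as an added example that is not code from the original post. The policy values, the sample denylist (apart from “qwerty” and “123456”) and all function names are assumptions, and “used only once” is interpreted here as rejecting a password the same user has set before on this system.

```python
import hashlib
import hmac
import os

# Constructed sample denylist; a real deployment would load a much larger
# list of known-breached passwords. "qwerty" and "123456" come from the post.
COMMON_PASSWORDS = {"qwerty", "123456", "password", "letmein", "111111"}
MIN_LENGTH = 12        # assumed policy value, not from the post
PBKDF2_ROUNDS = 200_000  # assumed work factor


def _normalise(password):
    """Lower-case and drop trailing digits/symbols so 'Qwerty123!' matches 'qwerty'."""
    return password.lower().rstrip("0123456789!@#$%^&*?.-_")


def hash_password(password, salt=None):
    """Return (salt, hash) so the stored history never holds plain text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def was_used_before(password, history):
    """True if the password matches any (salt, hash) pair in the user's history."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def check_password(password, username, history):
    """Return a list of policy violations; an empty list means accept."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON_PASSWORDS or _normalise(password) in COMMON_PASSWORDS:
        problems.append("common password")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    if was_used_before(password, history):
        problems.append("already used")
    return problems
```
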
4. Do not Use Public Wifi or Free Wifi
I have written about the ease with which I can grab usernames and passwords from your device if you connect to public wifi here. Make sure your staff never use public wifi on any device, be it business-owned or personal.
5. Trust No One
As the Microsoft phone support scam shows, most people are too trusting. If someone rings your business regarding your business systems, then make sure the staff member redirects this request to a designated staff member who manages the systems and understands how scams work. Have only one person manage the IT systems and ensure they are experienced.
In line with this rule, get your IT staff member or consultant to remove all update/install permissions from every staff member’s account so that they cannot update or install software on any computer. This will help avoid the situation where a staff member is conned over the phone into installing software.
6. Update All Software
Apply every fix pack and security fix sent out by software vendors. Do not postpone an update because you will have to reboot your machine. Some updates address significant security issues, so ensure your computers have auto-checking/update turned on.