It's a strange time. Devices such as smartphones, iPads and other mobile devices are giving people greater flexibility and easier access to data, yet at the same time we are seeing an unprecedented escalation in the amount of new malware and viruses being created every day.
In fact there are so many new malware variants created every day that the anti-virus companies cannot keep up! Most of the time your anti-virus protection is not up-to-date even if you update hourly!
For businesses trying to protect their systems and data this is a scary time. The likes of BYOD are forcing businesses to allow personal devices (often used by all family members, and thus almost guaranteed to have at least one piece of malware or a virus installed) access to critical business systems and sensitive data.
This is a battle that will escalate next year, and we will see many reports of businesses being "hacked" and their clients' personal information put on public display.
For most small businesses IT security is not even a bullet point in the day-to-day operations list, mostly because it's a complex subject. So below I have provided what I feel to be the 6 most important rules your business should apply. There are more (hundreds more!), but these should help stop the bulk of IT security issues.
1. Email Attachments
Do not click on any email attachment, even from known people, unless you are expecting the attachment. Most malware and viruses come into your business via attachments, and the baddies are getting very creative and targeted with their emails.
If you or your business becomes a target, the baddies will have done a great deal of research on you using social media profiles and other sources of information. When they believe they have enough information they will hand-craft an email that deals directly with your interests. Do not think for one minute that you are a "nobody" too small to be of interest to the baddies: you might not be the target yourself but merely a way in to one of your business partners' systems or a government system you connect to.
2. BYOD is BAD
Bring Your Own Device is bad news for small businesses (and for larger ones as well). Larger organisations have IT departments and even IT security staff who are now wondering how they can protect the business from devices they cannot even control!
All it takes is for one staff member to infect their own device with malware or a virus at home or on public wifi and then plug it into the business network. For small businesses that do not even have an IT department, BYOD will be a major cause of unwanted intrusion in 2014.
Do not allow personal devices such as smartphones, iPads, laptops etc. access to your business network. If in doubt, read up on "Ransomware" and see if you want to deal with that.
Some people will say "Move with the times and empower your staff", and in some respects they are warranted in their claim: the landscape is different, and most iPads these days have more functionality than the average government desktop computer. HOWEVER! There is currently no easy solution for protecting business systems from personal devices connecting to your network. So you need to weigh the fact that your staff might be complaining about the restrictive desktop against the risk of your clients' data being exposed to hackers.
3. Strong Passwords used only Once
As the recent hacking mess shows, millions and millions of people are using incredibly weak passwords. Make sure your business systems only accept strong passwords. If you need to engage someone to fix your systems so that this is enforced, then do so. It is an important investment in the protection of your business systems and data.
Would it worry you that your staff's password to your online CMS could be "qwerty" or "123456", two of the most common passwords used by people? Read this post on password tips.
4. Do not Use Public Wifi or Free Wifi
I have written here about the ease with which I can grab usernames and passwords from your device if you connect to public wifi. Make sure your staff never, ever use public wifi on any device, be it business owned or personal.
5. Trust No One
As the Microsoft phone support scam shows, most people are too trusting. If someone rings your business regarding your business systems, make sure the staff member redirects the request to a designated staff member who manages the systems and understands how scams work. Have only one person manage the IT systems, and make sure they are experienced.
In relation to this rule, get your IT staff member or consultant to remove all update/install permissions from every staff member's account so that they cannot update or install software on any computer. This helps avoid the situation where a staff member is conned into installing software over the phone.
6. Update All Software
Apply every fix pack and security fix sent out by software vendors. Do not postpone an update because you will have to reboot your machine. Some updates address major security issues, so make sure your computers have automatic checking and updating turned on.