The Sony hack, the USIS leak, the JP Morgan credit card leaks, the iCloud celebrity photo hacks – these are just a few of the high-profile hacks that took place in 2014. If the last year has taught us anything, it’s that businesses will be punished for their online safety shortcomings, no matter how large they may be.
As such, businesses really need to improve their online safety, especially SMEs. Sarah Church, Business Development Manager at Six Degrees Group (6DG), points out in a recent blog post that businesses face new challenges these days: they not only have to take care of the information that matters to their business, they also have to make sure they comply with all manner of regulations for storing, processing and transmitting that information. Her post highlights the following key advice for businesses:
– Ensure all sensitive data is encrypted.
– Do not store passwords in word documents.
– Always make sure passwords are stored separately from the documents they protect.
– Use two-factor authentication.
– Keep sensitive personal data separate from other data.
– Carry out regular external security checks.
But how can these steps be followed easily and safely?
Ensure all sensitive data is encrypted
– Internet traffic: Using an unsecured Wi-Fi network in a public place leaves you open to attack. With a virtual private network – or VPN, as they are commonly known – the user’s traffic is routed through a third-party server and encrypted between the user’s device and that server. Many people use VPNs to bypass location locks on services like Netflix, but this security use is what they were designed for.
– USB and external drives: Portable storage devices are convenient, but they are easily lost or stolen. Fortunately, products such as BitLocker To Go keep removable media encrypted in case they fall into the wrong hands.
– Encrypt complete hard drives: Once a stolen drive is plugged into a different PC, the thief can read all of its contents – unless it is encrypted. For the Enterprise and Ultimate editions of Windows 7 and Vista (and the Enterprise and Pro editions of Windows 8), Microsoft provides BitLocker, which offers full-drive encryption. Navigate to Control Panel > System and Security > BitLocker Drive Encryption to turn it on.
– Passwords: The most important element of encryption is your password. No password is truly hack-proof, but the best are long – 10 or more characters – and include upper- and lower-case letters, numbers and special characters. Each device or system should have its own unique password, and these should only be stored, in a secure place, if needed or if remembering them would be too difficult.
– Cloud storage: Services such as Dropbox provide built-in data encryption, which protects your information while it is stored on their servers. However, they also hold the decryption keys, which gives them access to your information under certain circumstances. Products such as TrueCrypt, applied to the cloud storage location, add an extra layer of security.
Do not store passwords in word documents
This should be self-explanatory, but you would not believe how often it happens. In fact, many data security experts see it so often that they have come to expect it.
Always make sure passwords are stored separately from the documents they protect
To be secure you should memorise your passwords rather than keeping electronic records of them. Saved anywhere on the computer, they are accessible to anyone who gains access to that computer.
Use two-factor authentication
This requires a user to have two separate means of proving their identity before gaining access. A common, everyday example is a cash withdrawal: the user must have both a card and a PIN. Similarly, online banking often requires two-factor authentication, sometimes more. For example, HSBC requires a user ID, security questions and a uniquely generated code created just for that log-in request.
Some companies also require users to present a USB stick – or similar – in addition to their password to gain access to a system.
Keep personal data separate from other data
Personal data should not be stored in the same place as other important data, especially where the two data sets could be combined to reveal more than either does alone. Personal data should be stored in a separate physical location from all other data and placed under a high level of protection.
When you’re storing data, remember to comply with the Data Protection Act. The Act requires that you keep your clients’ personal data secure, with ‘appropriate technical and organisational measures’ taken to protect the information. This means you should encrypt personal data and protect it with a password, as well as taking physical precautions to keep it safe: lock away computers at night and secure servers and external hard drives with anti-theft cables.
Carry out regular external security checks
This last point is particularly important. Several security experts, such as Mark Rasch, argued in the wake of the Sony hack that the volume of data taken from Sony – several terabytes’ worth – should have been noticed sooner. The data was most likely taken over a long period of time, something Sony would have noticed with better security checks. A company the size of Sony should be able to carry out these checks itself, but for smaller businesses that handle sensitive data, an external company is a good way to make sure everything is in order.
External checks are good for big business too, since employees themselves may pose a risk. An objective, impartial party is the best way to cover all the bases.
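One concrete form of the check described above is comparing each machine’s outbound traffic against its own recent baseline, so that a slow, sustained transfer stands out even when no single day looks dramatic. This is an added example, not code from the original post or from 6DG; the host addresses, destinations, byte counts and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000


def build_sample_flows():
    """Constructed sample flow records: (day, internal_host, external_dest, bytes_out).
    10.0.0.5 is steady; 10.0.0.9 starts sending about six times its usual volume on
    day 8 and keeps doing so, the slow, sustained pattern that adds up to a lot."""
    flows = []
    for day in range(1, 15):
        flows.append((day, "10.0.0.5", "203.0.113.10", 200 * MB + (day % 3) * 5 * MB))
        usual = 150 * MB + (day % 2) * 10 * MB
        flows.append((day, "10.0.0.9", "203.0.113.20", usual if day < 8 else usual * 6))
    return flows


def daily_outbound(flows):
    """Sum outbound bytes per internal host per day: {host: {day: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, _dest, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def find_sustained_exfil(flows, baseline_days=7, factor=3.0, min_run=3):
    """Return {host: (first_day, last_day, total_bytes)} for hosts whose daily
    outbound volume exceeds factor x their own baseline median for at least
    min_run consecutive days after the baseline window."""
    alerts = {}
    for host, per_day in daily_outbound(flows).items():
        days = sorted(per_day)
        base = [per_day[d] for d in days if d <= baseline_days]
        if len(base) < baseline_days:
            continue  # not enough history to judge this host yet
        threshold = factor * median(base)
        run = []
        for d in days:
            if d > baseline_days and per_day[d] > threshold:
                run.append(d)
            else:
                if len(run) >= min_run:
                    break  # report the first qualifying run
                run = []
        if len(run) >= min_run:
            alerts[host] = (run[0], run[-1], sum(per_day[d] for d in run))
    return alerts
```

In practice the per-day totals would come from firewall, proxy or NetFlow logs rather than a constructed list, and the baseline window and multiplier should be tuned to the business so that backups and legitimate bulk uploads are accounted for.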