2013 may go down in history as the year of the breach. Major security breaches started in June with Edward Snowden leaking NSA files that, in turn, revealed how much private data was accessed by NSA surveillance programs. In October, a security breach at Adobe exposed three million credit cards and user data from tens of millions of Adobe customers, including names, email addresses and passwords. Of course, the granddaddy of all breaches happened in October, when hackers penetrated Target’s network and obtained 40 million debit card and credit card numbers and 70 million records of personal information, including names, addresses and mobile phone numbers.
If these events have you thinking about your company’s digital security strategy, you’re not alone. Executives across the country are focusing on security measures to protect company and customer data. As the old adage claims, no system is foolproof, but there are some steps you can take right now to beef up your company’s security and sleep better at night. Below are some cyber security tips based on security guidelines from the FCC:
1. Train employees in security principles. Establish security policies including strong passwords, Internet usage guidelines, rules for handling customer information and vital data, and penalties for violating your cyber policies.
2. Limit public Internet exposure. Educate your clients on the limitations of offerings riding over the public Internet. Draw a clear picture of the tradeoffs between price and security so they can make informed choices by considering connectivity options like MPLS, VPLS and EPL as well as hosted private cloud and continuity solutions.
3. Protect information, computers and networks from cyber attacks.* Keep machines clean and security software up to date. Make sure you’re using the best possible defenses against viruses, malware and other online threats and always scan your systems immediately after security software updates.
4. Provide firewall security for your Internet connections.* Make sure firewalls are installed and operational. If you have remote workers, make sure their home systems have firewall protection.
5. Create a mobile device action plan. Mobile devices often contain confidential information or can access corporate networks. Users should be required to protect devices, encrypt data and install security apps to protect information when phones and smart devices are connected to public networks. Establish reporting procedures for lost and stolen devices.
6. Back up vital information. Establish regular backup routines to automatically back up all computer data. When the FCC released these guidelines in 2012, they suggested at least weekly backups. Today, daily backups are the standard. Make sure you store backup copies offsite or in cloud solutions, such as TelePacific’s RemoteStor, which is compliant with SEC Rule 17a-4, 21CFR Part 11, HIPAA, Sarbanes-Oxley, DoD 5015.2 and other regulations that require off-site backup.
7. Control physical access to computers and create user accounts for each employee. Don’t let unauthorized users access company computers, even if they ask to simply check their email accounts or Facebook pages. Lock up laptops, tablets and other easily stolen equipment, and require all users to have their own accounts with strong passwords and other security measures. Limit administrative privileges to trusted IT personnel.
8. Secure Wi-Fi Networks. Password-protect access to your Wi-Fi routers and make sure they are not broadcasting your Service Set Identifiers (SSIDs) / network names.
9. Employ Best Practices On Payment Cards. Work with banks and merchant processors to ensure you’re always using the best and most trusted fraud protection programs and equipment. Isolate payment systems from less secure programs and never use the same computer to process payments and surf the Internet.
10. Limit employee access to data and limit authority for software installation.* No employee should be able to access all systems, and system access should be limited only to those systems necessary for an employee to do his/her job. No employee should be allowed to install software without permission from the IT department.
11. Passwords and authentication. Employee passwords should be unique and should change every three months. The same should apply to suppliers with access to your networks (and they should only have access to what they absolutely need in order to fulfill their commitments to you). Consider multifactor authentication that requires more information than a password to gain access to software, hardware and networks.
* No company can completely free you from all of your security requirements, but we relieve you of far more of the burden than other connectivity, cloud and continuity providers with our market-leading OneSecure continuity and security solution. OneSecure delivers firewall protection, an active intrusion protection system (IPS), gateway antivirus, web content filtering, spam filtering and VPN services so you can spend less time on security and more time growing your business. Check out our OneSecure demo here.