How safe is your company from cybercriminals? You may have basic virus protection software and warn your employees not to open suspicious email attachments, but there's a lot more to strong IT security than that. For the sake of both your customers and your business's reputation, it's critical to make sure you're taking every possible measure to protect sensitive data.
"A security breach is the digital equivalent of a wardrobe malfunction, but for businesses, it can result in red ink in addition to a red face," said Troy Gill, senior security analyst at security service provider AppRiver. "With hackers and data thieves working constantly to steal your company's confidential information, make 2014 the year you take security to the next level."
Gill recommended taking these 10 steps to ensure that your company's IT security is ready for any cyberthreats you may encounter this year. [8 Security Habits Putting Your Business at Risk]
- Get spam and virus protection, a Web filter and endpoint security if you don't already have them.
- Change your passwords frequently. Think of it like changing the oil in your car. Sure, you might get some extra mileage out of the old stuff. But is it worth the cost if you're wrong?
- Make your passwords stronger. Use upper and lower case letters, numbers and symbols. Making it hard to guess also makes it hard to remember, but you know what's harder? Explaining to your customers that their credit card data was stolen because you thought "password" would make a great password.
- Use different passwords for different accounts. This might strain the memory a little, but it's worth it to keep you safer online.
- Beware of "TMI" on social media. You don't need to arm hackers with information that can help them socially engineer their way past your security. Before you post, ask yourself how the information might be used by a crook. For the sake of security and your friends' sanity, remember that less is more — especially when it comes to Facebook.
- Periodically test your own security. You could hire a professional firm to conduct a security audit, but you can always walk around your office and see who has their latest password on a sticky note by their desk. Check around outside and see if anyone has a clear view of your computer monitors. If you're really ambitious, look through your wastebaskets to get a preview of what a dumpster diver might find.
- Have systems in place to make sure people are who they say they are. If someone shows up to fix your copier, make sure you know who called them, check their credentials and limit their access to areas where they are working.
- Have a security plan — and follow it. To paraphrase an old saying, the best time to develop an IT security plan was 10 years ago. The second best time is now. If you have a plan in place, great. Just make sure it's being followed and updated frequently.
- Teach good practices. Your security plan should be confidential, but that doesn't mean you keep it a secret from your own staff. Incorporate security into your employee training program.
- Make it clear that security is everyone's job. You'd be surprised how seriously your employees will take security when they find out it is part of their performance evaluation. Let them know the boss is watching, and that IT security also means job security.
Originally published on BusinessNewsDaily.