Reduce Your Risk of a Data Breach

 

The recent Equifax data breach has renewed the public’s interest in data protection. There are also new reports coming out that this leak might have been caused by…you guessed it, ransomware. Businesses must be vigilant about how their data is managed, but the unfortunate truth is that most aren’t. Data security and risk reduction is a layered and complex process that factors in not only your technology, but also your practices and employees.

The Basics Matter

1. Patch All The Things
Install the latest updates for Windows, Office, web browsers, Adobe, etc. The majority of these updates focus on patching security holes, as well as improving stability and fixing bugs. Many of the businesses that were catastrophically infected by WannaCry had systems in their network that were missing a recent Windows update that would have protected them from this infection.

2. Install Quality Antivirus Software
No, Windows Defender and AVG Free do not count if you are a business owner. We recommend business-level protection such as Webroot SecureAnywhere Business Endpoint Protection. Furthermore, make sure you go to Add/Remove Programs regularly and remove antivirus software that is not related to your primary product, as it can interfere with that product’s effectiveness.

3. Passwords
This is a broken record; you have heard it again and again. Don’t use the same password in multiple locations, change it regularly, and never share it. Read more about password security.

4. Back It Up
Do you check your backups daily? Weekly? At least monthly? It is unrealistic to expect a busy business owner to do this. It is critical to have a system in place that automatically backs up your systems to a secure device, and preferably to an encrypted cloud as well. Local backups can fail, be stolen, or be damaged during a disaster such as a hurricane, flood, or lightning strike. Cloud backups such as OneDrive and Dropbox are not perfect and can be infected by malware, save over good data with corrupted versions, or be wiped out by user error with little recourse for recovery. For business owners with sensitive or critical data, we recommend a full disaster and recovery platform such as Datto. You can get a free checklist here.
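A scheduled check can stand in for the manual review described above. The following is an added example, not part of the original article or any vendor's tooling: it assumes a hypothetical folder holding one backup file per run, and flags a newest backup that is stale, empty, or far smaller than the one before it (a sign that good data was replaced by a damaged copy). The thresholds are assumptions to tune per environment.

```python
import time
from pathlib import Path


def check_backups(backup_dir, max_age_hours=26, min_size_ratio=0.5, now=None):
    """Return a list of problems found with the newest file in backup_dir.

    max_age_hours and min_size_ratio are assumed thresholds, not values
    from the article. `now` can be passed in to make the check repeatable.
    """
    now = time.time() if now is None else now
    # Order backup files from oldest to newest by modification time.
    files = sorted(
        (p for p in Path(backup_dir).iterdir() if p.is_file()),
        key=lambda p: p.stat().st_mtime,
    )
    if not files:
        return ["no backup files found"]

    problems = []
    newest = files[-1]
    age_hours = (now - newest.stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        problems.append(f"stale: newest backup {newest.name} is {age_hours:.0f}h old")

    size = newest.stat().st_size
    if size == 0:
        problems.append(f"empty: {newest.name} is 0 bytes")
    elif len(files) > 1:
        # A sudden drop in size suggests a truncated or corrupted backup.
        previous = files[-2].stat().st_size
        if previous and size < previous * min_size_ratio:
            problems.append(
                f"shrunk: {newest.name} is {size} bytes, previous was {previous}"
            )
    return problems


if __name__ == "__main__":
    # "backups" is a placeholder path; point it at the real backup folder.
    if Path("backups").is_dir():
        for problem in check_backups("backups"):
            print(problem)
```

Run it from a scheduled task and send any output to someone who will act on it; a check like this does not replace a periodic test restore.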

5. Access – Accountability Matters
I can’t tell you how many offices I have worked in that use the same password…or no password to access workstations for convenience. This mentality leads to the same password being used for the Wifi, which is shared freely, and even for online accounts and email. These practices cause routine and often unknown data breaches and intrusions into the network. It can be months or years before these companies find out they were the source of a leak of all of their clients’ data. Users should have individual email and workstation user accounts, which make it easier to trace issues, whether a malicious user stealing company data or someone accidentally clicking on an email that infected the entire network. High-risk networks such as legal and financial offices should use a server and domains to track with more granularity how data moves and is manipulated in their networks and to stay compliant.
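One way to find out whether accounts are being shared is to look for the same account logging on at several workstations within a short time. The following is an added example, not part of the original article: the "timestamp,account,workstation" record format, the names in it, and the 30-minute window are all constructed for illustration, and real logon records would need to be exported into that shape first.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): timestamp,account,workstation
SAMPLE_LOGONS = """\
2024-03-04T08:01:12,frontdesk,WS-01
2024-03-04T08:03:40,frontdesk,WS-02
2024-03-04T08:05:02,jsmith,WS-03
2024-03-04T08:20:55,frontdesk,WS-04
2024-03-04T13:10:00,jsmith,WS-03
2024-03-05T09:00:00,mlee,WS-05
2024-03-05T16:30:00,mlee,WS-02
"""


def parse_logons(text):
    """Parse 'timestamp,account,workstation' lines into tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, account, host = line.split(",")
        records.append((datetime.fromisoformat(ts), account.lower(), host.upper()))
    return records


def find_shared_accounts(records, window=timedelta(minutes=30), min_hosts=2):
    """Return {account: [workstations]} for accounts seen on at least
    min_hosts different workstations within `window` of each other."""
    by_account = defaultdict(list)
    for ts, account, host in records:
        by_account[account].append((ts, host))

    flagged = {}
    for account, events in by_account.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it only covers logons close in time.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {host for _, host in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged.setdefault(account, set()).update(hosts)
    return {account: sorted(hosts) for account, hosts in flagged.items()}


if __name__ == "__main__":
    for account, hosts in find_shared_accounts(parse_logons(SAMPLE_LOGONS)).items():
        print(f"{account}: logged on at {', '.join(hosts)} within 30 minutes")
```

This is a heuristic: one person moving between two machines will also match, so treat each hit as a prompt to ask who is using the account.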

6. Email – The Gateway
Email is one of the weakest links in network security. One click, and maybe the attachment or website never opens, so the user moves on. Meanwhile, their system is now infected and uploading all of their data, or the whole network’s data, to a third party, including keystrokes such as passwords or bank credentials as they are typed. Or the malware may hibernate and crawl out over the network until all systems are infected before activating, encrypting the entire business’s data, and asking for a ransom. All users should always use caution when interacting with emails. However, even the most vigilant, paranoid, or educated user is going to be duped into clicking on the wrong email. Some of these emails are laughably badly written, but some of them are nearly indistinguishable from the real thing. This is why it is critical that a business-level email server, such as Microsoft Exchange, as well as a firewall are used to filter inbound emails and stop most malicious emails before they ever reach you or your employees. Read more about scam emails.

7. VPN or No Wifi For You
Starbucks is stealing your data, did you know that? No, not the company, but using their open wifi is the same as eating something off the floor in a hospital waiting room. This holds true for all public wifi, which is often provided by hotels, airports, universities, and other locations. Data is not safe when traveling over these networks for a number of reasons that we will explain in a future article. With a Virtual Private Network (VPN), your computer first connects to a security appliance, such as a firewall, before it connects to the internet. This filters your traffic through multiple layers of security and also encrypts it so that external users can’t ‘wiretap’ your wifi. This device can be hosted in your own office, or you can pay for a VPN service for a few dollars a month.

We will write a second article that looks at data security in the office next. We would love to hear your stories below.

Occubit Technology Solutions is a managed IT provider in the DFW area with clients in Keller, Southlake, Colleyville, Arlington, Mansfield, and more. Feel free to contact us today to see how we can join your team and reduce your risk while giving you more time to focus on your business.

Christina Grady is the founder and owner of Occubit Technology Solutions. She has been fascinated by the role technology plays in everyday life since she was a child taking apart VCRs and remote control cars. Her passion for helping others creates a perfect bond with her IT background.
