Business owners and managers have quite a lot on their plate. One of the more serious jobs is keeping client information safe and secure, especially if your company regularly maintains client data that includes sensitive information. Protecting this information is not just good business; it also keeps you in compliance with the law. For example, the Federal Fair Credit Reporting Act (FCRA) allows for significant company fines for businesses that don’t adequately protect client information. The Better Business Bureau also reports that protecting client data should be a top priority for all businesses. Here are a few ways that you can ensure you are providing the best possible protections for your clients.
- Add Protection Layers – Every company should have multiple layers of security both for the physical hardware as well as the software and stored information. There really is no such thing nowadays as too much protection. Add firewalls, antivirus, and anti-malware programs to all of your computers.
- Train or Limit Employee Access – Training employees, who are many times the first line of defense against a cyber attack, is critical. If that is not possible, limit who has access to certain data so that it can be protected.
- Keep Updated – One of the best practices is to maintain periodic updates of software. Updated software means it has the most recent security updates as well.
- Hire a Pro – Hire a professional IT consultant, like M&H Consultants, who can evaluate your system for weaknesses. With the ability to think like a hacker, the professionals can create a security plan for your company.
- Passwords – Obviously, passwords and multi-level authentication can help protect against breaches, so discuss how you can take your passwords to the next level with an IT pro.
- Notify When Breached – Notify clients and customers when your data has been breached so they can take appropriate action.
Do you need help protecting your client information? Call M&H Consulting today at 1-(866)-964-8324 or visit our website M&H Consults
Are you doing everything you can (and should) to protect the computers, technology, and data related to your business? Do you even know what security risks exist? Here is a quick checklist of things you can do at your company to increase security.
- Conduct a Security Audit – If you don’t know what parts of your business are vulnerable or what data you have that needs to be protected, you can’t properly secure it. Meet with professional IT consultants who can identify what needs protecting and how.
- Train Personnel – Sometimes all it takes is one employee opening a corrupt email or attachment to cause a disaster. Be sure all employees are trained to spot red flags in emails and signs of hacking.
- Beef Up Passwords and Encryption – Make sure you have passwords that are strong and are changed on a regular basis. Limit the number of employees that have access to certain data.
- Back IT Up – Use systems to regularly back up your data and networks so that in case of a disaster you have the most recent information saved.
- Protect Your Mobile – Lots of companies have great security but fail to provide the same level to their mobile devices. Be sure that mobile devices are as secure as possible and have limited access since they will be often used in public WiFi locations and remotely.
- Have a Security Policy – Create a security policy that every level of the workforce knows, understands, and strictly follows.
- Physical Security – With the focus on cyber crimes it is easy to forget how easily a thief can walk off with valuable technology, such as a tablet or laptop. Be sure you follow smart lock-up policies especially for those employees who travel.
If you need a security review, call M&H Consulting at 1-(866)-964-8324 for a free initial consultation.
Small business owners have so many “hats” to wear and need to juggle so much to keep their business growing and evolving as the technology and market change. One area that small business entrepreneurs cannot ignore is cyber security. Just because a business is small and/or local does not mean it is immune from cyber attacks. In fact, there are more hacks and security breaches of small and medium size businesses that go unreported or underreported. We all tend to concentrate on the larger corporations and what those cyber attacks mean for all of us. However, there are some actions your small company can take to keep your data safe.
- Plan Ahead – Take a regular “security inventory” with your staff and especially with those in charge of your website and IT department. Identify internal and external risks to the security, confidentiality and integrity of your computer system. Make a plan as to how you are going to defend against each.
- Train Employees – A plan is only as good as the people who are going to execute it. Train all employees on security measures such as passwords, encryption, opening unknown emails, etc. Be sure to set up guidelines for internet use and especially use of company mobile devices so that viruses and cyber crimes do not become a problem.
- Secure your Wi-Fi networks – If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. Be sure clients can still get access, though you may need to change the password at regular intervals.
- Employ Best Practices for Payments – If you accept payment digitally, which you most likely do, be sure to work with the banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used.
- Secure All Hardware – Laptops, tablets and other devices can easily be stolen so be sure you have a set security system in place for not only use but storage and regular checks.
It is important in many fields to take a look back and see how far technology has advanced as well as examine ways that it went awry. Recently cyber attacks have made front page headlines as they have impacted tens of thousands of computers worldwide. Viruses, ransomware and malicious hacking are becoming more common and unfortunately more destructive as these cyber criminals become more sophisticated. Therefore, this month we are taking a look back at the most destructive viruses in the past.
- I LOVE YOU Virus – When the ILOVEYOU virus hit in 2000, it was considered one of the most virulent computer viruses ever created. With damages estimated in the $10 billion range and 10% of the world’s computers affected, it was a disaster.
- MyDoom – Like ILOVEYOU, MyDoom was a record holder in that it was a fast-spreading email-based worm. In 2004, roughly somewhere between 16-25% of all emails had been infected by MyDoom. The ultimate cost of the malware: $38 billion.
- CryptoLocker – This ransomware spread through email attachments in September 2013 and encrypted the user’s files so that they couldn’t access them. The criminals would then demand a fee for the decryption password. Cost of the malware: With 500,000 victims, CryptoLocker made upwards of $30 million in 100 days.
- Stuxnet – This is the scariest of the bunch! Stuxnet was built by government engineers in the US with the intention of obstructing nukes from being built in Iran. Stuxnet spread by a USB thumb drive and targeted software controlling a facility in Iran that held uranium.
- Code Red – This virus first surfaced in 2001 and was discovered by two eEye Digital Security employees. It was named Code Red because the pair were drinking Code Red Mountain Dew at the time of discovery. The worm targeted computers with Microsoft IIS web server installed, exploiting a buffer overflow problem in the system.
Read our next blog as we continue to discuss the Most Destructive Viruses in recent history.
For decades firewalls have been the first line of defense in network security. Using both hardware and software, businesses find it critical to monitor the incoming and outgoing traffic from other networks including the internet. A good firewall helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. Without a solid firewall your network is exposed to potential dangers.
Personal home computers have built in firewalls that merely need to be accessed and turned on to maintain a level of security. According to Microsoft, it is important to protect every computer in the home. You should have a hardware firewall (such as a router) to protect your network, but you should also use a software firewall on each computer to help prevent the spread of a virus in your network if one of the computers becomes infected.
When it comes to business computers, employees should check with the network administrator about what protocols are called for with desktops, laptops and other devices. The growth of the internet and the resulting increased connectivity of networks means that early firewalls are no longer enough to keep out malicious traffic. Today there are numerous types of firewalls to protect the ever-evolving advancements and threats to business networks. There are proxy firewalls, Application-layer firewalls, Stateful firewalls, and Packet firewalls to choose from depending upon your company’s needs. If you don’t know what type of firewall your company requires to keep a barrier between yourself and malicious activities call M&H Consulting today.
It really is wonderful being able to conduct business pretty much anywhere you can travel. Short of being in a remote location you can find WiFi access in coffee shops, airports, hotel lobbies and many more public spaces. Unfortunately with that easy access comes the dangers of using WiFi that can be accessed by others including cyber criminals. Let’s look at the double edged sword of using public WiFi.
PROS – The convenience and ease-of-access of public WiFi cannot be beat. This is especially true for business travelers who hope to get some work done in between flights, or while staying at a hotel. Some even find it helpful to access the internet while having coffee at a free WiFi cafe. When considering the mobile business life of most companies today, having access to WiFi in so many locations is a definite advantage.
CONS – Unfortunately, with the ease-of-use and access come some serious disadvantages to public WiFi. Research shows that free wireless public networks located in airports and other public places are ripe for exploitation by hackers. When a user logs in, the device they are using is open to potential hacking and malware. The biggest threat to free Wi-Fi security is the ability for the hacker to position himself between you and the connection point. So instead of talking directly with the hotspot, you’re sending your information to the hacker, who then relays it on.
To counteract this threat we suggest using a VPN – a virtual private network – or at the very least turn off sharing when you are in public. In order to maintain some level of safety only turn on the WiFi when you really need it. For more suggestions on staying safe when using public WiFi contact M&H Consulting.
In the last few months cyber crimes have been all over the news with the WannaCry Ransomware and other hacking events. It may seem like millions of miles away from your small business, but small and medium sized companies are just as vulnerable as larger corporations. You wouldn’t leave the door to your office wide open all day and night right? You take reasonable precautions to keep your business safe and secure, so be sure to do the same with your website and online data as well. Here are a few tips to protect your small business from cyber hacking and online dangers.
- Stay Updated – Hacker News online suggests maintaining software and applications that are updated. The newer the updates the better as they will have the latest security.
- Toughen Up Access Control – The admin level of your website is an easy way into everything you do not want a hacker to see. Enforce user names and passwords that cannot be guessed. Limit the number of login attempts within a certain time, even with password resets, because email accounts can be hacked as well. Never send login details by email, in case an unauthorized user has gained access to the account.
- Tighten Network Security – Computer users in your office may be inadvertently providing an easy access route to your website servers. Ensure that logins expire after a short period of inactivity. Passwords should be changed frequently. Passwords should be strong and NEVER written down. All devices should be plugged into the network and scanned for malware each time they are attached.
- Back Up Often – Back up your files on a regular basis to avoid losing data in the case of a breach.
- Install the Highest Security – Your business should have the highest security protocols from software to employee protocols. If you have questions on how to protect your small business from cyber crimes call M&H Consultants.
In our global economy many businesses travel extensively to maintain client relations and to take part in conferences on the “latest and greatest” technology for their field of expertise. While the ease of travel is wonderful, your laptop is at risk every time you go mobile. Here are a few ways to protect not only your hardware but your software as well.
- To prevent physical damage or theft, use a sturdy, weatherproof, padded bag that doesn’t necessarily look like a computer bag. Backpacks are exceptionally good at hiding technology and they have added room for power cords and other needs when traveling by plane.
- Always keep your laptop in view and in your possession. Just a few seconds and you could be missing a lot of data and your means of working while you travel.
- Use passcodes and authentication passwords so that you are the only one that can use the device.
- Before each trip back up the files that are currently on your laptop. Use password-locking programs and encryption programs.
- Make sure your virus protection is up-to-date.
- Avoid checking your laptop as baggage; rather, use it as your carry-on piece. Keep it nearby, either in your lap or below your feet. Let your laptop go through the x-ray machine but keep an eye on it while it does.
- When using WiFi while traveling attempt to use secured locations rather than public Wi-Fi hotspots.
- Avoid having your laptop stay in an area that is very cold or very hot for too long. That includes cars and trunks of cars while traveling.
- After you return from your trip update files and data and have a test done to be sure you have not picked up any unwanted viruses.
At M&H Consulting, we work alongside many small and medium sized businesses. Many of these businesses are managed by entrepreneurs who also balance work and family life. Many of them ask our expert advice on online safety for their employees, and on keeping their children safe as well.
Whether you are an employee of a company that works online or a teen surfing the net, here are a few ways to protect yourself online.
- Never give out personal information, whether it is your phone number, address, or parents’ names, without ensuring you are on a secure site.
- Never post something that could come back to hurt you later, such as when you are in the working world trying to get a job.
- Check for authenticity before downloading or installing software or doing anything that could possibly hurt the computer or mobile device or potentially jeopardize privacy.
- Do not post risque images on business or personal sites.
- Be true to who you are.
- Never open emails that you suspect are from a stranger or could potentially have a virus attached.
- Monitor who has access to different accounts and who your children are dialoguing with on a daily basis.
- Talk to employees as well as your own children about cyberbullying and signs of an online predator.
- Call the National Center for Missing and Exploited Children at (800) 843-5678 if you’re aware of the transmission, use, or viewing of child pornography online. Contact your local law enforcement agency or the FBI if your child has received child pornography via the Internet.
Today’s modern employee carries their work with them everywhere they go via smartphones, tablets or laptops. Mainly this can be seen as a convenience, but for employees who carry around not only their work files on their mobile devices but also personal information, this may be a dangerous practice. Here are a few suggestions to keep your personal information secure, especially if you keep personal files, data, photos or financial information on your work devices.
- Beware of Impersonators – Don’t give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with. If a company that claims to have an account with you sends email asking for personal information, don’t click on links in the email. Instead, type the company name into your web browser, go to their site, and contact them through customer service.
- Encrypt Your Data – Keep your browser secure. To guard your online transactions, use encryption software that scrambles information you send over the internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal or financial information online.
- Use Security Software – Install antivirus software, antispyware software, and a firewall. Set your preference to update these protections often. Have your IT Department or Consultants like M&H update your security regularly.
- Lock your Device – Your laptop, phone or tablet should be locked when you are not using it. Do not use automatic sign-ins; instead, use personal identification protocols.
- Be Wise About Wi-Fi – Before you send personal information over your laptop or smartphone on a public wireless network in a coffee shop, library, airport, hotel, or other public place, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.
Call M&H Consulting if you have questions about your personal or business data and security.