Keeping your company safe means keeping your customers safe. In a world where technology is a necessary blessing, it can also be a frustrating curse. Along with the increased efficiency and value the virtual world offers, there is also an increase in virtual assailants looking for a way to lay siege to your castle. Here are five important ways to get started in protecting your business against a security breach.
Prevent Denial of Service Attacks
Hackers sometimes take an aggressive approach by flooding websites with traffic they can’t handle. This is called a distributed denial of service (DDoS) attack, and it is usually used to hold a site for ransom or distract it while the hackers probe for vulnerabilities. In 2014, the Lizard Squad threatened Microsoft and Sony that they would take down their gaming networks. On Christmas Day, a DDoS attack took down both PSN and Xbox Live for 12 to 14 hours, leaving many frustrated people unable to play their new systems or games. The hackers claimed their reasoning was to show Microsoft and Sony that they did not have real talent behind the scenes or else they wouldn’t be so vulnerable. To avoid a DDoS attack, you should plan to get protection from your hosting provider.
Create Strong Passwords and Change Them Regularly
Even in today’s world of digital theft and vandalism, the most common passwords are still sequential numbers (“123456” remains in first place) and the word “password.” Passwords should be unique to your person and should include numbers and letters. Your passwords should be difficult to guess and changed on a monthly or even weekly basis. If you’re worried about having to remember all your passwords, or you’re afraid that where you store them might be vulnerable, opt for a password manager. There are numerous cloud-based password managers, such as LastPass, that have mobile apps, extensions and desktop apps for numerous browsers and operating systems. Your passwords are stored in an encrypted form and are even subject to a variety of two-factor authentication options so you don’t have to worry about anyone accessing your passwords.
Choose the Right Software
Some software is paired with spyware or Trojans that are installed onto your systems when you download the software. The right anti-virus and anti-spyware programs will keep your systems safe from these attacks. Companies that are dedicated to their own security will help increase yours.
You should also choose vendors dedicated to increasing your security with their services. Sage offers safe payment processing, payroll management, and accounting services. Your company needs protection against the fraudulent transactions that you as a merchant are now liable for. A good payment processing company will offer preventative solutions.
Use Two-Factor Authentication
There are hackers out there trying to steal the identities of your administrators as well as trying to break passwords. With this two-front attack, it is smart to have two-factor authentication. To make sure visitors are human and not automated hacking programs, you can require them to complete a CAPTCHA before signing up for an account or leaving a comment on your blog. But you should also have a sign-in paired with a CAPTCHA for your blog writers, so a malicious bot can’t simply guess the password and start posting spam. For your more secure information, the authentication process could include something to actually identify which person is logging on, helping reduce stolen identities. For this type of two-factor authentication, a one-time-use code is usually texted to a phone owned by the user.
Ask for Certifications
The Ponemon Institute has published a report showing that third-party providers (e.g., hosters, call centers, shredders) have a large connection to the likelihood of a company breach. Don’t be afraid to ask your cloud storage company if they have SSAE16 cloud-security certification. Ask your payment processing company if they are implementing best practices from the Payment Card Industry’s Data Security Standard (PCI-DSS). The more you partner with secure third-party providers, the less vulnerable your back door will be.
There are myriad ways to keep your company safe and just as many ways your company might be left vulnerable. Once you’ve started with these suggestions, it’s always smart to have a tech person on hand to help you in case of a breach and to double-check your plans to stay secure, even if you can’t afford one full-time.