Get in Sync Blog

Privacy

10 tips to keep your business data safe

July 4, 2014

Jason
Team Lead at Sync



It’s hard enough keeping your personal information secure online, and for businesses it’s even more difficult — and more important. Here are our top 10 recommendations to lock down and beef up your business security.

1. Have an easy-to-read security policy

In companies with employees, everyone needs to be careful and vigilant with company data. An official-looking email or a stray USB drive found in the parking lot can mean disaster for your network and data.

Make sure your employees know the threats your company faces, and create a short list of rules that make sense and are easy to follow. Put up a friendly flyer with these tips in the break room or by the front door. Don’t drown everyone in technical jargon, but remind your employees that data security is everyone’s responsibility.

2. Ask advertisers not to track you

Newer versions of Firefox, Internet Explorer, Chrome, and Opera support a technology and policy directive called Do Not Track. Do Not Track lets users opt out of third-party web tracking, often by advertisers and search engines. Some companies honor the setting, but many don’t.

Nevertheless, as we demand not to be spied on as we live, work, and entertain ourselves on the web, the Do Not Track setting will offer us an increasing level of privacy as we browse.

3. Encrypt your data

Encryption: It’s the last, best defense against someone reading your data while it is in transit over the internet. If your business runs a web site or service where users transmit information to you — no matter how trivial — obtain a security certificate and make sure communication to and from your website is encrypted with SSL. You can also use a browser plugin like HTTPS Everywhere to force sites to use secure connections.

For your personal files and folders, many computers support whole disk encryption (like FileVault for OS X) that can keep your information protected if your computer is lost or stolen. You can also keep your files stored online safe by using cloud storage providers that offer end-to-end encryption, like Sync. Data stored on Sync servers is encrypted and decrypted on your computer, not ours, so we never see the content of your files. Avoid services like Dropbox, Google Drive, and Box.net that don’t provide full privacy and have access to your data.

4. Encrypt your email

Email messages are like postcards — readable in transit by postal workers or anyone who can peek in your mailbox. You can protect yourself by encrypting your sensitive attachments — tax forms, pay stubs, and anything that contains addresses or government ID numbers. Encrypting attachments is easy with Sync — just upload the file to your Vault, and send a secure link to the file.

Also, consider encrypting your email with GPG — an encryption protocol designed specifically for email. There are tools available for Apple Mail, Outlook for Windows, Thunderbird, and even Gmail. The less plain text you send over the internet, the more protected your data is.

5. Lock down your social media accounts

In addition to setting up two-factor authentication for your company’s social media accounts, it’s important to restrict who can tweet and post on your company’s behalf. Something as simple as a child playing with a parent’s phone can mean disaster if an app on the phone can tweet a 5-year-old’s message to a million followers.

Create common-sense rules about who is allowed to post to your company’s social media accounts and when. Consider naming someone a “designated tweeter,” or have your team work in shifts. Finally, use collaboration tools like TweetDeck to keep your feed clean, up-to-date, and on-topic.

6. Shore up your privacy policy

In many areas, businesses are required to post a privacy policy on their website to describe how they store, transmit, and destroy the information that you send to them. In California, for example, a “do not track” notice is a requirement; in Europe, a clear policy on cookies is a must.

Maybe you copied and pasted your privacy policy a few years ago from another site, or just haven’t updated it. Work with an attorney or other expert that specializes in digital and privacy issues to make sure your privacy policy is not only compliant with the law, but also adequately defending your company and your users.

7. Make sure your staff is happy

One attack vector that many companies may not consider is disgruntled current or former employees. If they’re not happy with you, and they have access to your information, you risk losing that information — and possibly your business.

The number one solution to this is positive, proactive management. Don’t spy on your staff, but do make sure they’re happy. Care about them as people. Schedule regular one-on-one meetings to make sure that they’re still the great asset you hired, and not a great risk.

8. Curb tailgating

In offices with restricted areas, “tailgating” or “piggybacking” is the phenomenon where an unauthorized person can slide in the door just after someone else unlocks it, before it closes. Oftentimes it’s as easy as a smile — holding the door open for the person behind you is polite, and second-nature to many.

Remind employees that it’s their responsibility to discourage repeated attempts at tailgating — but be friendly about it. Everyone’s on the same team, but some information just needs to be kept secret. Also, consider installing doors that safely and quickly shut by themselves, and posting signs to remind employees that tailgating is a bad habit.

9. Use strong passwords

Passwords: Everyone’s got one. Or a hundred. It’s easy to have the same password everywhere, but it gets dangerous when passwords are hacked or compromised elsewhere on the internet: If that password is used in other places, those other places are instantly vulnerable.

Encourage employees to use passwords that are long and difficult to guess. Passwords should be at least eight characters long and include a variety of upper- and lower-case letters, numbers, and punctuation. Lookalike characters are good ideas too (like a zero and a capital O) to foil someone glimpsing your password over your shoulder. Avoid words in the dictionary, names, birthdates, keyboard patterns, and repeating sequences of letters and numbers. Whatever you do, don’t send passwords in emails. Also, change your passwords like you would your smoke detector battery — about every six months. Or, you could change it more frequently, and maybe even change your life.
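The rules in this tip can be checked automatically, for example when an employee sets a new password. The following is an added example, not code from Sync; the word list is a small constructed stand-in for a real dictionary and names list, and the four-character run length for patterns is an assumption.

```python
import re
import string

# Constructed sample list standing in for a real dictionary/names list (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "jason", "summer", "canada"}
# Keyboard rows used to spot patterns such as "qwerty" or "asdf".
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def _has_run(text, sources, length=4):
    """True if text contains `length` consecutive characters of any row, forward or reversed."""
    for row in sources:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in text:
                    return True
    return False

def check_password(password):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }
    problems += [f"missing {name}" for name, present in classes.items() if not present]
    # Strip digits and punctuation so "Dragon2014!" is still caught as a dictionary word.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if any(word in letters_only for word in COMMON_WORDS):
        problems.append("contains a dictionary word or name")
    # Keyboard rows plus the alphabet cover "qwer", "1234", "abcd" and their reverses.
    if _has_run(lowered, KEYBOARD_ROWS + [string.ascii_lowercase]):
        problems.append("contains a keyboard pattern or sequence")
    # Three identical characters in a row, or any chunk of 2+ characters repeated back to back.
    if re.search(r"(.)\1\1", lowered) or re.search(r"(.{2,})\1", lowered):
        problems.append("contains a repeating sequence")
    return problems
```

Birthdates and password reuse across sites are not covered by this check; they need information the checker does not have.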

10. Keep your data in Canada

Here in Canada, some companies (depending on the nature of their business) are required to keep their data in Canada. Moreover, in British Columbia and Nova Scotia, public-sector organizations and some banks are required by law to keep their data in Canada.

The good news here, of course, is that Sync.com is headquartered in Toronto, and all our servers are here in Canada. You can rest assured knowing all your most private data won’t leave the country. For those abroad, know that your data is protected by some of the strongest privacy legislation in the world.

