5 Tips for Business Security: The most pervasive security myth is the one that has business owners sticking their heads in the sand, ostrich-style. It wont happen to me, small business owners say when they hear about targeted attacks, phishing scams, and sophisticated malware. Im too small for the criminals to bother with, they think, when they hear about data breaches, network intrusions, and website attacks. If that was ever true, its wishful thinking today. Its increasingly clear that cyber-criminals dont look at the size of the company when launching their attacks. Data is data, and even the smallest organization has valuable data the criminals can steal and sell. The days of Im too small for them to find me are long gone. In many cases, the small business may just be a stepping point in a chain of attacks, with the criminals targeting the smaller and weaker networks as part of a comprehensive campaign against larger partners. Both the volume and sophistication of attacks are growing, making it difficult for SMBs to keep up their defenses. In honor of National SMB Week, the Certificate Authority Security Council has provided a few simple steps SMBs can follow to secure their online presence. With these tips, business owners can make sure their site visitors can safely visit, search, enter personal information, and complete a transaction. Passwords Are Essential The first suggestion is to Create unbreakable passwords for accounts related to your online presence, such as the domain registrar, hosting account, SSL provider, social media, and PayPal, among others, said Rick Andrews, technical director of Symantec, on the behalf of CASC. While there is a lot of discussion about the need for better authentication schemes, passwords are still the main way to protect online accounts, making strong passwords essential. Criminals can easily set up computers to cycle through random combinations to brute-force attacks. If the password is weak, this process takes very little time. PCMag recommends using a password manager to randomly generate strong passwords and to store them securely. If the service offers two-factor authentication, you should really take advantage of the extra layer of protection. Scan Your Sites Websites can be infected with malware, just like your PC. Regularly scan your site for vulnerabilities and malware. Attackers can take advantage of vulnerabilities to infect the site with malware or inject malicious code to redirect visitors somewhere else. Infected sites may load slowly, display unwanted advertisements, and infect user computers with malware. Look for a site scanner—something like StopTheHacker Web-Malware Scanning— that will monitor your site for problems and alert you when necessary. Update & Patch Is your Web server regularly being updated and patched? Its not just the server, though—your Website also needs to be regularly patched. If you used a popular content management system (CMS) such as WordPress or e-commerce platform such as Zen Cart, then you need to make sure you are updating your software regularly. Attackers frequently target plugins in WordPress, so installing patches regularly is a must. Check with your hosting provider or site maintainer to find out if all the software is being updated on a regular basis. Updates must be installed on your website, just like installing the latest Windows Updates on your PC, Andrews said. SSL Certificates Consumers need to trust you are a legitimate business, and SSL certificates help verify your identity. No site should attempt to collect personal information or e-commerce without a trustworthy SSL certificate to assure users their information is safe. Dont Lose Control No matter who you hire to work on your site, the business should always retain control of the domain name, SSL certificate, and actual Website. Its all too common for business owners to hire someone to build their website, and when that person leaves, there goes the only person with access to the SSL, domain name, and hosting account. Its harder to add people to the account or transfer ownership when the original account holder is not around. If building and maintaining the website is outsourced to a third party, make sure someone within the organization is also on the accounts to retain control. If the employee leaving is the one who had access to the accounts, make sure to add a new person to the account beforehand. This way you will be able to still manage your certificate, domain name, and hosting account. If you have any questions/concerns about the security of your business or your computers used there, contact us anytime at Abacus IT so we can help you get set up correctly and securely so you have whats needed most... peace of mind.
Posted on: Tue, 18 Mar 2014 19:20:09 +0000