We lock our doors when we leave the house, cover the number pad at ATM machines, and are wary of unknown visitors to our homes. This level of vigilance helps keep us secure, and reduces the risk of becoming a victim of crime.
(This post was published earlier this week on Microsoft’s Small and Medium Business Blog.)
However, in the online world, many of us are not nearly as careful, and there are many people waiting for any opportunity to take advantage of this complacence, usually for financial gain. The good news is that all you need to drastically improve your IT security is a little bit of upfront effort (I mean, you don’t want to get caught out like this guy!), a few easy habits, and some basic Irish cop on! It will take about 3 minutes to read this, but it could save you a TON of hassle AND money, so let’s get started…
Believe it or not, many people’s passwords are still something like qwerty, password, or 123456. This is practically inviting hackers into your system. And once they get in, what can they see? Perhaps bank details, other passwords, confidential files like email and proprietary information, and anything that could cause you major headaches if it were lost or made public. What is best practice? Choose a complex password (have it as unconnected to you as possible, i.e. no birthdays, pet names etc.), don’t use the same one for multiple applications, and use two-factor authentication (e.g. you need a PIN as well as a password) on some programs. Your bank likely requires this for online banking. We published a blog post recently which discusses passwords in more detail, so it is well worth a look.
As an IT provider, we have a policy of never delivering a PC or laptop without a good quality antivirus program, which should have at least these features: inbuilt firewall; malware protection; and an email spam filter. As soon as you go online, you are automatically a target for viruses, malware, and ransomware, and antivirus is your first line of defense. In addition, it’s important not to have 2 antivirus programs running, as this can slow down your computer, and/or block certain applications from running. Antivirus might throw up “false positive” warnings for programs you trust, so use common sense and dismiss some of these warnings as warranted. Invest in a good quality program, and keep it updated using the manufacturer’s update schedule.
If you see a message telling you that Windows updates are available, don’t postpone them; just go ahead and install them. Security patches for newly discovered vulnerabilities are often included, so this is another checkmark in keeping you secure.
Encrypting your laptop is a good idea if you frequently take it away from home or the office. Here’s the deal: even if you have a good Windows password, someone with advanced technical skills can get around this if your device gets stolen. However, if your device has also been encrypted, the only way it can be accessed is with the encryption key. The major point to note here is that if you lose the encryption key, then you won’t be able to access your device either! Recommended approach: create a good key, memorise it, and store it in a secure location.
If you store files on your PC or server, a regular backup (at least daily) to an offsite location is critical. The easiest way to do this is to set up a cloud backup service, which encrypts your files and backs them up to a data centre. This way, your encrypted data will be unusable to anyone but you, as decrypting it without the key (which is only held by the data owner) is virtually impossible. If someday you discover that your onsite data has been hacked, you can just retrieve the backup from the previous day. However, if you only use a cloud service to store your files, such as OneDrive, having a secondary backup such as this is probably unnecessary.
There’s an old joke which goes something like “I wouldn’t be so paranoid if everyone wasn’t out to get me”. The irony is that in the online world a lot of people ARE out to get you!! Examples include:
- Enticing you to click a link which locks up all your data, after which you are presented with a demand to pay a ransom to release it. The ruse might be a fake email which informs you that you need to confirm your eBay/Netflix/bank account.
- A spoofed email from a colleague asking you to transfer a payment to a 3rd party.
- Clickbait – this is usually harmless, and the intention is generally to get you to watch some inane content. Sometimes, however, the result is that all your contacts end up getting spammed, in turn exposing them to risk.
These are all non-technical techniques known as “social engineering”, the idea of which is to get us to divulge data or make a payment using basic trickery. Therefore, staying vigilant, suspicious, and yes, even a little paranoid, will increase your security in the long run.
See? I told you it wouldn’t be that bad! Essentially it comes down to preparation, personal responsibility, and vigilance, traits which anyone can adopt. So start improving your IT security today, for yourself and your business. If you need help with any of the above areas, just get in touch and we’ll be happy to provide some guidance: Email me at firstname.lastname@example.org, or call us on 091 395413.