March IT Security Tips
IT Security Tip #24: How to keep staff from unintentionally causing a security breach
With so many access points, from cell phones to laptops and home computers, how can anyone hope to keep their network safe from hackers, viruses and unintentional security breaches? The answer is not “one thing” but a series of things you have to implement and stay constantly vigilant about, such as installing and constantly updating your firewall, antivirus, spam-filtering software and backups. This is why clients hire us – it’s a full-time job for someone with specific expertise (which we have!).
Once that basic foundation is in place, the next most important thing you can do is create an Acceptable Use Policy (AUP) and train your employees on how to use company devices and on other security protocols, such as never accessing company e-mail, data or applications with unprotected home PCs and devices. Training should also cover how to create good passwords, how to recognize a phishing e-mail, what websites to never access, etc. Never assume your employees know everything they need to know about IT security. Threats are ever-evolving and attacks are getting more sophisticated and clever by the minute.
This e-mail series is one great way to keep your employees informed, but you still need a good AUP in place and training. If you’d like our help in creating one for your company, based on best practices, call us at 505-792-2375 or reply to this e-mail. You’ll be glad you did.
IT Security Tip #25: Do online banking? Read this!
If you do online banking, never access your online account with a PC or device that you use to log in to social media sites or free e-mail accounts (like Hotmail) or to surf the web. Since these are all highly hackable, keeping one PC dedicated to online banking reduces your chances of getting a bank-account-hacking virus. Of course, that PC should have antivirus installed, be behind a well-maintained and well-monitored firewall, have a strong password and be monitored for suspicious activity.
IT Security Tip #26: Don’t download anything you’re not authorized to download
So you have a big file you need to get over to your printer yesterday and you can’t get it to “send” via e-mail because the file is too big. What should you do? The right thing to do is contact your IT department (us!) so we can assist by installing a secure, commercial-grade file-sharing application. What you shouldn’t do is download a free copy of Dropbox or some other file-sharing software without telling us. Dropbox and other free apps come with a price: SECURITY. These applications are known for security vulnerabilities and hacks. Plus, if we don’t know about it, we can’t manage it or secure it; so the golden rule is this: never download any software or application without checking with your IT department first!
IT Security Tip #27: Start with the basics!
You’ve heard the advice countless times before: you must have antivirus software and a strong firewall. However, in this day and age, there is more to the security “basics” than a solid firewall. What about the employee who inadvertently clicks on an e-mail on her phone from a foreign ambassador trying to move money to the US? She sees it’s a scam, but it’s too late… her phone is infected and now sending a copy of every outgoing e-mail to a Russian crime network. Have you trained your employees? Don’t open an Excel attachment called “Invoice” from someone you don’t know – trust me, they’ll call you if you owe them money. A single crack in your armor can open the door for network attacks. Get serious about locking down your devices, filtering e-mail and teaching your users how to not lose last year’s P&L to a crime ring by trying to help a Nigerian prince.
IT Security Tip #28: Change your name, and I don’t mean the last one
Too often we see e-mail usernames and prefixes the same across multiple free e-mail services. For example:
This makes the work of hackers and cybercriminals way too easy. With the first part easy to figure out, they can get access to other online services and data or even spoof your e-mail addresses to others. Variety is the spice of life. Introduce it to your e-mail addresses.