This is part two of a two-part series on protecting digital assets.
In my previous post, I talked about the importance of physical security, Internet security and data security when it comes to protecting your digital assets as a small or mid-sized business. As a small business owner, the importance of protecting your company from cyber-attacks and thieves is critical from an operational and financial standpoint.
Below are three additional ways to protect your company’s digital assets:
Yes, Virginia, you do need a password. And because passwords are being cracked by high-end machines running sophisticated password-cracking programs, they need to be both long and complex, and ideally, unique to each site or device. How long? At least ten, to maybe as many as fifteen characters is ideal. A six- or seven-character password can be cracked in hours or days; a password of ten or more characters requires decades or centuries. A strong password cannot be a word that can be found in any dictionary, and uses a mixture of capital and lowercase letters, numbers, and symbols. A simple but memorable way to create unique passwords is to start with a ten-character base password that is contained in every password you create, and begin or end the password with something that is easy to remember about the particular site or device. Or you could use a password program such as KeePass.
Many web services are beginning to offer two-factor authentication. If it is available, you should use it. This generally defeats remote attackers. For example, when making certain changes to my Google account, they will send a text message to my cell phone that I need to enter into the web site to confirm my identity and complete the change. As another example, my bank has me enter my user ID on one page, my password on a second page, then answer my secret question on a third, and lastly, shows me an image that I selected when setting up my authentication. The first three steps prove to them that I am legitimate. The last step, the picture, proves to me that they are legitimate. No fake look-alike site is going to know what picture I chose. When you have these sorts of options, I encourage you to take them.
Never give your password out to anyone, even if you called them, and you are pretty sure they are legitimate. With all the call centers in foreign countries, you just never know where that information is going to end up at the end of the day, not that you can trust domestic call center personnel with this information, either.
Googling for Security
Some exploits begin as a seeming error message or virus warning. Even legitimate error messages can have an impact on your security if ignored or answered incorrectly. When in doubt, Google it! Just copy and paste or type the error message, cryptic warning, or what have you into Google and get an explanation. This is great advice when looking at software offers for magic PC fixing software or off-brand security programs. Most of these are a waste of money, and many of them are actually malware programs that will harm your computer.
The Security Mindset
It is a well-known fact that the least secure part of the business is the person behind the keyboard. Many exploits rely on old-fashioned fraud, deception, and trickery – what is called “social engineering” in the security business. I have seen exploits that began as phone calls from “your Internet Company” that escalated into having the victim help the attacker by assisting them in installing remote access and control software and other malicious software programs. I have a huge collection of very well done, but fake, emails from eBay, PayPal, Amazon, various banks, Intuit (QuickBooks), FedEx, UPS, the USPS, the IRS, and even the United Nations. These all exhibit perfect trade dress: they use the proper logos, company colors, and type styles, and many come with the TRUSTe seal boldly emblazoned at the bottom.
A healthy suspicion, even bordering on paranoia, is your best defense against these clever fraudsters. Avoid clicking on links in emails; it is much safer to type the web address into the address bar of your browser. Is there a problem with your bank account? Never click on the offered link. Just go there the way you normally would, using a Favorite or a shortcut, or just type in their web address.
The Bottom Line
Good computer and network security policies and procedures will save your business from data loss, downtime, the loss of client information and intellectual property, and even financial losses. Work with your computer support professional to set up an effective security program for your company, or to improve whatever you have in place now. The time and expense are minimal when compared to the potential losses.