Secure Your Information - Being a Business Owner is Never Easy.

In the world of ever evolving technology and digital information, we need to ensure that the data stored by our business is always secured. I was taught from younger to always look for the good in people and always look on the bright side, but as time went alone and I started to explore various avenues in life, I realized that sometimes people’s intentions are not always good. My friends at CFSI - Computer Forensics and Security Institute gave me a new perspective on data security and personal safety.?

When your customer comes to you, they are trusting you with their information, whether it is being collected for internal use, such as contact information, or financial information such as their banking details or credit card information. It is not recent, but it is more prevalent now, where persons with malicious intentions, also known as hackers, are gaining access to company’s databases and holding their information for ransom, i.e. ransomware, or they are infecting the systems with viruses that will either corrupt the information or crash your network. Don’t believe me, check out the content from CFSI’s Youtube Channel where they shared insight in some on the threats that you can face.

The intention is not to scare you, just to make you aware of some the threats that we face as we expand and develop our businesses. My thought is that if we are aware of the threats, we can implement controls or invest in the right tools to keep us protected.?

Some of these things may seem simple to me but we tend to overlook their importance.?

? Your anti-virus and anti-malware software should protect you against malware and viruses.?

? Scan storage devices with anti-virus before using them.?

? Keep your devices updated. There are patches that are circulated on a regular basis to address any vulnerabilities with the operating system or for software being used. It is advised that you review the changes, so you know what is being updated and fixed.?

? Don’t use the same password for multiple logons.?

? Follow the password configuration guidelines, using passwords that should not be easily deciphered.?

? Don’t write down your passwords or leave them in a location that is easily accessible b

? Encrypt your documents before sending them to another person and NEVER send the password for the encrypted file in the same email as the attached document.?

? Don’t click links in emails that you are not expecting.?

? Keep your devices safe. Don’t leave them in your vehicles or in high temperature rooms. Ensure that the room is secured, lock and key to safeguard against theft.?

? Do not connect to open hotspots. Yes, it is free internet, but anyone can access your device via that hotspot since it leaves you vulnerable.?

? Back-up your data on a periodic basis. Determine the volume and nature of your data and how often you think you need to back-up, whether it is daily or weekly.?

? Educate your team on data protection and cybersecurity. They are the ones receiving and disseminating the information for your business.?

As a start-up you may not need extensive security settings, but you need to be aware of some of the possible threats and safeguards available. We want to ensure that at the very least, we have anti-virus software installed on all devices used for business purposes, laptops, desktops, tablets, mobile phones, anywhere that information is stored. Firewalls can be a bit tricky if you are not familiar with its function and intended use, so you may want to consult an expert before you add it your infrastructure. It is only when you expand your business or depending on the nature of your business, then you will want to invest in servers or data centers for the storage of larger volumes of data and by that time the security features that need to be installed will get more intense.?

There are simple things that you can do to secure the information stored personally, or for your business. Let me share what I have learned so far. Start with the anti-virus software being installed on all devices, but simply having the software installed is not enough. Cyber threats are growing every day. An anti-virus and anti-malware solution contains a database of threats to protect against, which needs to be updated periodically to ensure that you are adequately protected. This is important and let me show you why. If you installed your anti-virus software last month, and I created a new virus a week after your installation, the database will not have a record of the virus that I created to protect you against it. Once the developers of the anti-virus software become aware of my creation, they will add it to the database and your database is updated once you are connected to the internet, without prompting you for action. If you are not normally connected to the internet, the next time you connect the database will be updated. If you are prompted for an update for some reason, please do not ignore the update.?

Another simple way to secure your information is by ensuring that all devices require a password or multiple security features, such as passcodes, biometrics (i.e. fingerprints) as well as the complexity of your password. Sounds simple right but it goes a long way. We want to ensure that the person trying to enter your network has a really hard time guessing your password. Best Practice is that your password should be at least eight (8) characters but with the advancements that I am aware of, my minimum is set at sixteen (16) characters.?

The password should contain characters from three of the following categories and changed at least every thirty (30) days or if you think your password has been compromised:

? Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)

? Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)

? Base 10 digits (0 through 9)

? Non-alphanumeric characters (special characters): (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/) Currency symbols such as the Euro or British Pound aren't counted as special characters for this policy setting.

? Any Unicode character that's categorized as an alphabetic character but isn't uppercase or lowercase. This group includes Unicode characters from Asian languages.

I didn’t make this up, it came from - Password must meet complexity requirements (Windows 10) - Windows security | Microsoft Docs

File encryption is also another option. Depending on the information stored within a document or a collection of documents, you might want to encrypt the files. This means that the data will be scrambled and can only be unscrambled with the password that you created for the document or the file folder. The downside to this, however, if you forget your password or lose your key then your data is lost.?Microsoft Support provides instructions on how you can encrypt your files. See the link:?How to encrypt a file (microsoft.com).?

Check out the links that I shared and do some research into to the various threats that exist. Educate yourself on technological advances and events taking place around the world. Raise awareness amongst your employees and family. If cybersecurity and data protection is important to you it will be important to everyone around you.?