Cybersecurity Tips For Wherever You Call ‘The Office’

Sinu
Oct 20, 2020

With so many people working remotely, or combining remote with in-office time, it’s more important than ever to set up and utilize IT security and privacy protocols that work wherever you are located.

As part of National Cybersecurity Awareness Month, we wanted to share several tools and policies that you can put in place if you do not have tech support of the kind Sinu provides as part of its all-inclusive service. These suggested best practices provide a layer of protection to mitigate the risk of data breaches and malware and are well worth the time they take to implement.

The list below is by no means exhaustive, but the steps outlined provide a strong start to ensuring you do your part to #BeCyberSmart.

1. Update Your Operating System

New malware is constantly generated, threatening your computer or device, its operating system (OS), and the software/apps installed on it.

The first step is to run on the latest operating system. New versions of operating systems are released on a regular basis to eliminate bugs, incorporate security improvements, and enhance software and hardware compatibility. So, if your computer alerts you to the availability of system updates, don’t ignore it.

Before updating your operating system, back up all your data and check to see if your hardware and other solutions are compatible with any upgrades before installing them.

To check for Windows updates, select the Start button > Settings > Update & Security > Windows Update, and then select Check for updates. You can find more information on the Microsoft website. Apple computers can get critical system updates from their website at Apple Support Downloads. For a chronology of updates since 2003 and earlier, visit Apple Security Updates. To set the frequency of checking for Apple updates, go to Apple main menu > System Preferences > Software Update.

2. Install Antivirus

You also need to protect your computer against viruses. Free antivirus software is available from AVG (www.avg.com). If you decide to use AVG, uninstall any existing antivirus software before installing it. Run a full scan of your machine after installing the software and configure AVG to run full weekly scans of your machine.

3. Automate Critical Updates

Sinu takes care of critical updates automatically, but if you are managing your own IT, you may want to prioritize the upgrades and time them so they do not interfere with your work schedule. In addition to your operating system and antivirus software, here is a list of critical updates in order of priority:

  1. Internet browser
  2. Flash player
  3. Adobe Reader
  4. Firewall
  5. Microsoft Office products

While reviewing and managing critical updates, remove any unused or obsolete technology. Obsolete and unused technology is just another potential weak link in your office security; software which is no longer supported creates serious vulnerabilities.

4. Use Strong Passwords

The most secure passwords are long, include special characters, are not reused across accounts, and do not contain personal information.

Here are some tips for generating secure passwords:

  1. Generate a different and secure password for each online account.
  2. Make a random 2 to 4-word passphrase that does not include any elements from your name, organization, address, or any information associated with you (see our article on The World’s Most Hacked Passwords).
  3. When generating your own password, it should contain upper and lowercase letters, punctuation, a number, and be a minimum of 14 characters long.
  4. Change passwords when prompted by your online account.
  5. Do not store your password list in the cloud, such as on Google Docs or Dropbox.

There are several password management solutions that can help you both generate and manage secure passwords for your online accounts. Lastpass offers free and premium password generation and management services. With Lastpass you only need to remember one master password to access the other passwords it encrypts and stores for you. A good, free tool is xkpasswd, which can help generate strong passwords.
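The password tips above can be turned into a small checker and generator. This is an added example, not code from Sinu or from any of the tools named here; the function names, the `personal_terms` and `other_passwords` parameters, and the short word list are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample word list; a real one should hold thousands of words.
WORDS = ["copper", "lantern", "orbit", "meadow", "quartz", "violin",
         "harbor", "pepper", "glacier", "tunnel", "saddle", "ribbon"]
SEPARATORS = "-_.!?"

def check_password(password, personal_terms=(), other_passwords=()):
    """Return the list of rules from the tips above that `password` breaks."""
    problems = []
    if len(password) < 14:
        problems.append("shorter than 14 characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    lowered = password.lower()
    for term in personal_terms:  # name, organization, address, ...
        if term and term.lower() in lowered:
            problems.append(f"contains personal information: {term}")
    if password in other_passwords:  # passwords already used elsewhere
        problems.append("reused from another account")
    return problems

def generate_passphrase(words=WORDS, count=3):
    """Build a random passphrase of 2 to 4 words that passes check_password."""
    if not 2 <= count <= 4:
        raise ValueError("count must be between 2 and 4")
    while True:
        # secrets draws from the OS random source, unlike the random module.
        picked = [secrets.choice(words).capitalize() for _ in range(count)]
        sep = secrets.choice(SEPARATORS)
        candidate = sep.join(picked) + sep + str(secrets.randbelow(90) + 10)
        if not check_password(candidate):
            return candidate
```
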

5. Enable Multi-Factor Authentication

In addition to developing strong passwords, you should enable multi-factor authentication whenever offered, prioritizing mailboxes and financial accounts. Multi-factor authentication is an extra layer of security that requires not only a password and username, but also something that only that user has on them, such as a piece of information only they should know or have immediately at hand. It is worth the time to provide a second credential, such as your mobile phone number or an alternative email account, for the added protection.

6. Limit Local Administrative Rights and Create a Unique Account

Even with the best passwords, local administrator rights (LAR) can be a serious vulnerability for some organizations. LAR is the highest level of permission that is granted to a computer user. This level of permission typically allows the user to install software and change configuration settings, allowing someone the ability to shut off the security controls used to protect an organization’s systems, including password controls and anti-malware software. Unapproved software could also be installed, breaking critical applications and causing disruption and downtime. A company can also be exposed to malware, including a number of different phishing scams that can deliberately run code on systems with full permissions if someone inadvertently clicks on a malicious link or opens infected email content. Auditors also frown upon the practice because of its inherent risk.

IT best practices dictate that employees not be given local administrator rights (LAR). For those who manage technology and need LAR, we recommend developing a separate username and password, unique from that of the administrator, for an additional layer of security.

7. Use Cloud Server Backups

Online — or cloud server — file backup is the process of storing the contents of your computer’s hard drive, such as your important documents and media files, through the Internet using a third-party online backup service. If your hard drive crashes, your PC or laptop is stolen or damaged, you accidentally erase important information from your computer, or you otherwise lose access to important files, online backup services give you the ability to restore any lost information.

There are differences between backup solutions. For example, a file-level backup backs up only the files and folders. An image-level backup takes “snapshots” of an entire server or other computer where important files are stored and creates backups called images. Backup images can be used to restore files and folders and can also restore a copy of the entire server or computer, including software and settings, onto the same hardware or new hardware.

Another important feature of any backup solution is where the backups are stored. Local backups are stored somewhere in your home office, like on an external hard drive, and can be quicker to access, but are vulnerable to theft and natural disasters. Online backups are stored in the cloud. Cloud backups are not affected by problems or disasters local to your home office, but can be slower to access since they occur over the Internet.

Sinu provides regular backups for its customers’ office PCs and laptops; however, personal computers may not be included. If that is the case, consider subscribing to one of the following services to automate your backup and protect your data:

While Sinu’s preferred solution is image-based cloud server backups, at this time, it might be more practical for you to use an external hard drive to back up your data in your home office. Several options are available from a wide variety of manufacturers including Western Digital, SanDisk, and Seagate.

Regardless of the backup solution you select for your home office, the important thing is to back up your data regularly. (For help with selecting the appropriate backup solution, download Sinu’s white paper, “How to Choose a Backup Solution for Your Organization.”)

Words of advice: When implementing your organization’s cybersecurity plan, choose security tools that will be easy to deploy and use. If they are too difficult to use or they hinder productivity, your employees will likely disable them or work around them and leave the organization at risk.

Looking for more cybersecurity ideas? You can find great information from The National Cyber Security Alliance’s (NCSA’s) CyberSecure My Business™ program. They offer free tools, resources, workshops and webinars all year round to help small businesses and nonprofits assess cybersecurity risks and make a plan to guard against cyber threats.

Sinu

Sinu is a technology managed service provider with offices in New York City and Washington DC. www.sinu.com