Today, the second Tuesday of February, has been marked as “Safer Internet Day.” For the past decade, it has served as a day of awareness on how to keep the online world a safe and protected experience for all.
For the engineers and employees of Comodo, this is the mantra of the company – creating technology that creates a safe and secure environment.
Back in October, Comodo talked about this very issue and highlighted steps consumers and enterprises could take to secure their online worlds, in a byline feature by Comodo’s Buket Baran in Safety Outlook.
The information contained in the piece is just as relevant today as it was in October, and we wanted to re-share it today:
All Businesses Are Targets for Cyberattacks: How Can You Protect Yourself?
Computer networks, mobile services, cloud computing, the internet of things… soon to become the internet of “everything”. Since the emergence of the internet, boundaries have disappeared and the world has shrunk. But with that contraction has emerged the growth of cyber criminals exposing the insecurity of humans and end points.
Every business that uses the Internet should be aware of cyber threats and create a policy to provide protection for all the data contained within the company – both business and personnel data.
Computing security and safety at work is critical to the success of any business. However, some companies can’t afford large IT departments to deal with potential computing issues and cyber attacks – so what’s a small business to do? Below is my top 10 list of key areas of concern and fixes that any small business can look to implement, which keep costs and structure low and yield high protection and security. Once your company has been infected, it could be too late.
- Increase employee cybersecurity education in your company: We are our own worst enemies when we have insufficient or wrong information about security. Sometimes, simple education can be a low-cost, high-reward solution. Employees are as responsible for protecting company data as they are for their own credit cards. Make employees aware of phishing e-mails, encourage them to create strong passwords on their end point accounts (and periodically change those passwords) and encourage employees to report suspicious behavior on their PC/endpoint.
- Use a low-cost internet security suite to provide layers of protection: Instead of a classical antivirus solution, stay protected with an advanced internet security suite containing antivirus, intrusion detection and prevention systems and firewall tools. Prioritize using a protective solution rather than detection-oriented software and make sure it is kept up to date.
- Be ready for zero-day attacks: Instead of using classical antivirus signature-based protection tools, try using a solution that focuses on containment. Antivirus is about detection. Containment is about protection.
- Stay updated with the latest fixes and patches: Updates are not a time-wasting process but a cyber-saving activity which ensures your IT has the latest fixes for your operating system and other third-party software. Any security weaknesses found on your OS or software can be fixed with new updates and patches.
- Back-up, back-up and back-up: Ensure that you back up your personal and critical work data on a regular basis and store files correctly. There are numerous third-party backup services available to back up and restore files to a secure server on a scheduled basis.
- Think twice before you connect to a public WiFi: It may be a good idea to sit in a coffee shop and check company e-mails; however, it is not a good idea to trust a public WiFi. Attackers often use wireless sniffers to steal data over unprotected networks. The best way to protect yourself and your company from this is to avoid connecting to these networks, if at all possible.
- Use a secure browser: Most of the popular web browsers today are used so frequently that every little vulnerability is known and ready to be attacked by hackers. This is why it is important to use a secure web browser while surfing. Non-secure browsing might lead to financial loss in case of the infamous “man in the middle” attacks.
- BYOD does not mean BYOV (bring your own viruses): Since the “bring your own device” approach is being used within businesses today, it is important to ensure any mobile device that is used for business and application work is configured to your network security standards and protocols. It is especially important to be prepared for a lost or stolen device. Have technology protocols in place that are able to lock, secure or wipe data from a device that might be stolen.
- Use encryption technology whenever possible: Encryption is one of the best ways to secure a data transmission. Use encryption technology on e-mail traffic and wireless networks to protect sensitive data and account information. Many of the breaches today would not be “news” if the data was encrypted.
- Establish set access controls and protocols: For each individual within the company, create a specific user account and ensure set protocols and access are in place to allow only those that need access to get access. Access by other, unauthorized individuals should be prevented on these accounts. Make sure each computer is locked when it is left unattended so that it is used only by its owner.
Many of these technologies and protocols are little to no cost – yet can have a significant impact on the security of a company’s infrastructure. Ensure you go through this checklist and follow these guidelines to keep your IT infrastructure secure and safe.