Security Basics 101: Battling the Silent Enemy


Written by:

Joel Caskey
Sr. Technology Business Engineer
NET Xperts LLC

 


Data security has been a hot topic in the technology industry recently. Compromised credit cards, data leakage, and the theft of other confidential or proprietary information can all be very costly to a business as well as to your customers. Systems administrators and IT providers can put a lot of protection strategies in place to help prevent these types of breaches, but you, as the end user or systems administrator, play a key role in keeping this information safe!

Now, you may be thinking, “Gee Joel, what can I do?” Well, I’m going to tell you! There are some commonly missed holes that are pretty simple, but often overlooked because they are so basic. Here are some of the Security 101 Basic items to look at:

Passwords

You know how your systems admin or provider keeps making you change your password all the time? Guess what! This is the first line of defense in keeping information secure! Here are some things to consider:

  • Change your password on a regular basis. You should be changing your passwords for any system dealing with confidential or proprietary information every 90-120 days.

  • Your password should always have some complexity to it. Using your first name or middle name for a password probably isn’t the best choice. You should also consider a passphrase rather than a password. These are typically longer because they may be a few words rather than one word. That makes them more difficult to crack!

  • Systems Admins: When’s the last time you changed your Administrator password? If you can’t remember, it’s probably time to consider doing it.

  • Never share your password with ANYONE, even your coworkers! This keeps your integrity intact and keeps someone from using your password or security credentials to perform operations that may be hazardous to the security of your data.

Physical Security

This one commonly gets overlooked because it’s the unknown danger. A password is not enough to protect a server from someone who has physical access to the device. What’s stopping someone from picking that server up and carrying it off into the sunset? What’s stopping someone from plugging a USB stick into that server and booting from it in order to gain unauthorized access to the data on it? Here are some items to keep in mind:

  • If you have a laptop, always keep it in a secure place. Leaving your laptop bag at a table in the coffee shop while you go up for a refill out of sight is a great way for your laptop to get swiped.

  • When you walk away from your computer and/or desk, always make sure you secure your workstation by locking your screen with a password. This prevents someone from coming up after you walk away, sitting down at your computer, and potentially compromising your data or your customers’ sensitive information.

  • Servers and network equipment should ALWAYS be in a secure location. These are the vital components of your system, and access to them should be restricted to only the people who need it (for example, only your IT team). Some compliance rules also state that this access needs to be auditable (badge readers, for example). Having this equipment out in the open is inviting someone to plug an unauthorized device into your network or attempt a break-in to the server.

Viruses and Phishing Attempts

Hackers absolutely love these because they typically play on someone’s trust. You may go to a seemingly legitimate website that may be infected, or you may get an E-mail that looks like it’s coming from a trusted source asking you for your personal information or password. Here are some things that you can do to protect yourself:

  • Never send passwords or other confidential information by E-mail. E-mail by default is not secured.

  • If you receive an E-mail with a link in it, be cautious of clicking on the link. If the link is coming from someone that you don’t know, don’t click the link.

  • If someone is asking you for sensitive information, be sure to verify the identity of the person or group that is asking for the information prior to providing the information.

      • For example, one of the most common viruses going around right now will attempt to lock you out of your computer and pop up a message claiming to be from Microsoft, stating that if you call a phone number and pay a certain amount of money on your credit card, Microsoft will clean your computer for you. This is a hoax and an easy way for someone to compromise your credit card – you’re giving them your information!

  • Always make sure you have virus protection on your computers and servers. Virus protection is a key item in keeping your network secure.

  • Be cautious of where you browse on the internet. Just because a site comes up in a Google search does not necessarily mean that it’s a legitimate, safe, clean site. Take a moment and look before you click!

The items that I’m talking about here are the most basic of the basics, but they often get overlooked precisely because they are so basic. Because of this, they are prime targets for hackers looking to obtain your information and your customers’ information. Keep in mind that these are just the basics. We can provide you with an evaluation of your network to identify and bridge those gaps. Contact your NET Xperts LLC Technology Business Consultant and we can arrange a discussion about best practices and get you and your business on the path to a more data-secure future!
